Skip to main content

osquery EUVDEUVD-2026-42919

| CVE-2026-54000 HIGH
Heap-based Buffer Overflow (CWE-122)
2026-07-10 GitHub_M
7.0
CVSS 4.0 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
7.0 HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.3 HIGH

Local standard-user access (PR:L) with a triggering process query needed (UI:R); SYSTEM-level heap write yields high C/I/A; scope kept S:U to match vendor SC/SI/SA:N.

3.1 AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
P
Scope
X

Lifecycle Timeline

3
Patch available
Jul 10, 2026 - 17:01 EUVD
Analysis Generated
Jul 10, 2026 - 16:18 vuln.today
CVE Published
Jul 10, 2026 - 14:51 cve.org
HIGH 7.0

DescriptionCVE.org

osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, on Windows, a local unprivileged attacker can cause a heap buffer out-of-bounds write if there is a query of the processes table targeting a maliciously crafted process, due to unchecked PEB string lengths in process command-line and current-directory reads. If exploited successfully, this could allow a potential local privilege escalation from standard user to SYSTEM. This issue is fixed in version 5.23.1.

AnalysisAI

Local privilege escalation in osquery on Windows prior to 5.23.1 lets a standard (unprivileged) user escalate to SYSTEM by planting a maliciously crafted process whose Process Environment Block (PEB) contains oversized command-line or current-directory strings. When the osquery agent - typically running as SYSTEM - queries the processes table against that process, unchecked PEB string lengths trigger a heap-based out-of-bounds write (CWE-122). …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain standard-user foothold on Windows host
Delivery
Launch process with oversized PEB string lengths
Exploit
osquery SYSTEM agent queries processes table
Execution
Trigger heap out-of-bounds write (CWE-122)
Impact
Achieve code execution as SYSTEM

Vulnerability AssessmentAI

Exploitation Requires local code execution as a standard (unprivileged) user on a Windows host running a vulnerable osquery (<5.23.1); the attacker must be able to start a process and control its PEB command-line and current-directory string Length values. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H, base 7.0) is internally consistent with the description: local vector, low attacker privileges required, and a passive user-interaction/context requirement (the SYSTEM-level osquery agent must run the process query). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A standard-user attacker with an interactive or code-execution foothold on a Windows host launches a process whose PEB command-line or current-directory UNICODE_STRING Length fields are set to oversized values. When the osquery agent (running as SYSTEM) next executes a scheduled or distributed query against the `processes` table, it reads those crafted lengths and performs a heap out-of-bounds write, which a skilled attacker can shape into code execution in the SYSTEM context. …
Remediation Vendor-released patch: 5.23.1 - upgrade all Windows osquery deployments to 5.23.1 or later, which adds bounds checking on the PEB string lengths (see commit 3d457c412eb0c986b0c37d8903edae8bc9f9e246 via PR https://github.com/osquery/osquery/pull/8934 and advisory https://github.com/osquery/osquery/security/advisories/GHSA-4r78-6hg6-33gg). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Identify all Windows systems running osquery and document current versions; assess criticality of osquery to security operations. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-42919 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy