Skip to main content

Osquery

8 CVEs product

Monthly

CVE-2026-54000 HIGH PATCH This Week

Local privilege escalation in osquery on Windows prior to 5.23.1 lets a standard (unprivileged) user escalate to SYSTEM by planting a maliciously crafted process whose Process Environment Block (PEB) contains oversized command-line or current-directory strings. When the osquery agent - typically running as SYSTEM - queries the `processes` table against that process, unchecked PEB string lengths trigger a heap-based out-of-bounds write (CWE-122). No public exploit has been identified at time of analysis, and it is not listed in CISA KEV.

Privilege Escalation Heap Overflow Microsoft Buffer Overflow Osquery
NVD GitHub
CVSS 4.0
7.0
EPSS
0.1%
CVE-2026-54001 HIGH PATCH This Week

Local privilege escalation in osquery on Windows prior to 5.23.1 lets a standard user escalate to SYSTEM by planting a maliciously crafted binary and having the authenticode table query it, triggering a heap out-of-bounds write in the getOriginalProgramName publisher-parsing routine. The flaw is a CWE-122 heap buffer overflow reachable whenever osquery (typically running as SYSTEM) evaluates authenticode publisher metadata against attacker-controlled files. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; EPSS was not provided.

Privilege Escalation Heap Overflow Microsoft Buffer Overflow Osquery
NVD GitHub
CVSS 4.0
7.0
EPSS
0.1%
CVE-2026-46388 MEDIUM PATCH This Month

File carve operations in osquery prior to 5.23.1 expose sensitive data due to world-readable temporary directory permissions, allowing a local unprivileged attacker to read carve contents during the collection window. If the carve targets a directory the attacker controls, the impact extends to arbitrary local file reads. No public exploit identified at time of analysis; the vendor-confirmed fix ships in osquery 5.23.1.

Information Disclosure Osquery
NVD GitHub
CVSS 3.1
4.4
EPSS
0.1%
CVE-2020-26273 MEDIUM POC PATCH This Month

osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. Public exploit code available.

Command Injection Osquery
NVD GitHub
CVSS 3.1
5.2
EPSS
0.9%
CVE-2020-11081 HIGH POC PATCH This Week

osquery before version 4.4.0 enables a privilege escalation vulnerability. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Osquery
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2020-1887 CRITICAL PATCH Act Now

Incorrect validation of the TLS SNI hostname in osquery versions after 2.9.0 and before 4.2.0 could allow an attacker to MITM osquery traffic in the absence of a configured root chain of trust. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Osquery
NVD GitHub
CVSS 3.1
9.1
EPSS
1.3%
CVE-2019-3567 HIGH This Week

In some configurations an attacker can inject a new executable path into the extensions.load file for osquery and hard link a parent folder of a malicious binary to a folder with known 'safe'. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Microsoft Osquery
NVD
CVSS 3.0
8.1
EPSS
1.7%
CVE-2018-6336 HIGH POC This Week

An issue was discovered in osquery. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Osquery
NVD
CVSS 3.1
7.8
EPSS
0.5%
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege escalation in osquery on Windows prior to 5.23.1 lets a standard (unprivileged) user escalate to SYSTEM by planting a maliciously crafted process whose Process Environment Block (PEB) contains oversized command-line or current-directory strings. When the osquery agent - typically running as SYSTEM - queries the `processes` table against that process, unchecked PEB string lengths trigger a heap-based out-of-bounds write (CWE-122). No public exploit has been identified at time of analysis, and it is not listed in CISA KEV.

Privilege Escalation Heap Overflow Microsoft +2
NVD GitHub
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege escalation in osquery on Windows prior to 5.23.1 lets a standard user escalate to SYSTEM by planting a maliciously crafted binary and having the authenticode table query it, triggering a heap out-of-bounds write in the getOriginalProgramName publisher-parsing routine. The flaw is a CWE-122 heap buffer overflow reachable whenever osquery (typically running as SYSTEM) evaluates authenticode publisher metadata against attacker-controlled files. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; EPSS was not provided.

Privilege Escalation Heap Overflow Microsoft +2
NVD GitHub
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

File carve operations in osquery prior to 5.23.1 expose sensitive data due to world-readable temporary directory permissions, allowing a local unprivileged attacker to read carve contents during the collection window. If the carve targets a directory the attacker controls, the impact extends to arbitrary local file reads. No public exploit identified at time of analysis; the vendor-confirmed fix ships in osquery 5.23.1.

Information Disclosure Osquery
NVD GitHub
EPSS 1% CVSS 5.2
MEDIUM POC PATCH This Month

osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. Public exploit code available.

Command Injection Osquery
NVD GitHub
EPSS 1% CVSS 8.2
HIGH POC PATCH This Week

osquery before version 4.4.0 enables a privilege escalation vulnerability. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Osquery
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

Incorrect validation of the TLS SNI hostname in osquery versions after 2.9.0 and before 4.2.0 could allow an attacker to MITM osquery traffic in the absence of a configured root chain of trust. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Osquery
NVD GitHub
EPSS 2% CVSS 8.1
HIGH This Week

In some configurations an attacker can inject a new executable path into the extensions.load file for osquery and hard link a parent folder of a malicious binary to a folder with known 'safe'. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Microsoft Osquery
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

An issue was discovered in osquery. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Osquery
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy