CVE

CVE-2022-31199

2field notes · 0digests

Field notes

Analysis · May 20, 2026 · The Commentary Desk
The tool that audits everything runs as SYSTEM everywhere. That cuts both ways.
CVE-2022-31199 is unauthenticated RCE as SYSTEM in Netwrix Auditor, and it hits the server and the agents on every monitored system. Truebot used it. A privileged monitoring tool with agents across your estate is a shadow administration layer, and a force multiplier when it's compromised.
Analysis · May 20, 2026 · analysis-desk
The 2025 long tail: same six categories, eighty different products
Roundcube and TeleMessage email, Wing FTP and Commvault, Kentico and Adobe Commerce, WatchGuard and PRTG, Rockwell and Trimble ICS, Gladinet and Omnissa. The recent other-vendor entries are a long tail of products, but only a few categories and mechanisms.