CVE-2021-26557: 
Octopus Deploy Tentacle (Agent) vulnerability analysis and mitigation

When Octopus Tentacle is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access. This vulnerability, identified as CVE-2021-26557, affects Octopus Tentacle versions from 3.15.4 up to (excluding) 6.0.489 (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is classified under CWE-426 (Untrusted Search Path) and requires local access with user interaction for exploitation (NVD).

If successfully exploited, this vulnerability could allow an unprivileged user to gain elevated privileges through DLL side-loading, potentially leading to complete system compromise with high impacts on confidentiality, integrity, and availability (NVD).

Users should upgrade their Octopus Tentacle installations to version 6.0.489 or later to address this vulnerability. The fix ensures proper ACL settings when installing Tentacle in custom folder locations (NVD).