File Path Traversal Vulnerability in ColorOS Assistant by Oppo
CVE-2026-22070

7.1HIGH

Key Information:

Vendor: Oppo
Status: Coloros Assistant
Vendor: CVE Published:; 30 April 2026

What is CVE-2026-22070?

An issue has been identified in ColorOS Assistant that permits unauthorized access through an unprotected start-download channel. This security flaw allows attackers to exploit file path traversal vectors, potentially allowing them to access sensitive files on the system. Users are advised to update their ColorOS Assistant to the latest version to mitigate this vulnerability and protect their devices.

Affected Version(s)

ColorOS Assistant 1.4.26

References

https://security.oppo.com/en/noticeDetail?notice_only_key...

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 30, 2026
Vulnerability Reserved
Jan 6, 2026

CVE-2026-22070 Data

JSON