Domain Validation Flaw in OPPO Wallet APP Allows Unauthorized Access
CVE-2026-22077

5.6MEDIUM

Key Information:

Vendor: Oppo
Status: Oppo Wallet App
Vendor: CVE Published:; 27 April 2026

What is CVE-2026-22077?

The OPPO Wallet APP has a trusted domain validation flaw that permits attackers to bypass protections surrounding interface access. This vulnerability exposes users to potential account token hijacking, leading to the risk of unauthorized access and sensitive information disclosure.

Affected Version(s)

OPPO Wallet APP all

References

https://security.oppo.com/en/noticeDetail?notice_only_key...

CVSS V4

Score:

5.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 27, 2026
Vulnerability Reserved
Jan 6, 2026

CVE-2026-22077 Data

JSON

Oppo

What is CVE-2026-22077?

Affected Version(s)

References

CVSS V4

Timeline