Privilege Escalation Vulnerability in O+ Connect IPC Service
CVE-2026-22078

7.3HIGH

Key Information:

Vendor: Oppo
Status: O+ Connect
Vendor: CVE Published:; 29 June 2026

What is CVE-2026-22078?

The IPC service in O+ Connect is prone to a privilege escalation vulnerability due to the lack of client authentication. This flaw allows external applications to gain unauthorized access and perform sensitive actions through the IPC channel, potentially compromising the integrity of the affected system.

Affected Version(s)

O+ Connect 16.0.33

References

https://security.oppo.com/en/noticeDetail?notice_only_key...

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 29, 2026
Vulnerability Reserved
Jan 6, 2026

CVE-2026-22078 Data

JSON

Oppo

What is CVE-2026-22078?

Affected Version(s)

References

CVSS V3.1

Timeline