Skip to main content

O+ Connect EUVD-2026-30825

| CVE-2026-22069 HIGH
Incorrect Privilege Assignment (CWE-266)
2026-05-19 OPPO GHSA-447q-fg75-99r5
Privilege Escalation
7.3
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
High

Lifecycle Timeline

1
Analysis Generated
May 19, 2026 - 03:45 vuln.today

DescriptionNVD

A local privilege escalation vulnerability exists in O+ Connect because it fails to validate the identity of the caller on the pipe interface.

AnalysisAI

Local privilege escalation in OPPO's O+ Connect application stems from missing caller identity validation on a named pipe interface (CWE-266), allowing a low-privileged local user with user interaction to escalate to higher privileges with high availability impact and scope change. The CVSS 3.1 score is 7.3 and the issue was reported by OPPO itself; no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

24 hours: Identify and document all systems running OPPO O+ Connect; uninstall or disable the application on non-critical systems. 7 days: Restrict local system access through group policy; implement principle of least privilege for all user accounts; deploy endpoint monitoring for privilege escalation detection. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

EUVD-2026-30825 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy