CVE-2026-22070

Summary

ColorOS Assistant has an unauthenticated start-download channel, leading to file path traversal.

Affected Software

VendorProductVersion RangeStatus
OPPOColorOS Assistant1.4.26unaffected

Weaknesses

  • CWE-23: CWE-23 Relative path traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References