Description
ColorOS Assistant has an unauthenticated start-download channel, leading to file path traversal.
References (1)
Core 1
Scores
CVSS v3
7.1
EPSS
0.0021
EPSS Percentile
10.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-22
CWE-23
Status
published
Products (2)
OPPO/ColorOS Assistant
1.4.26
oppo/coloros_assistant
1.4.26
Published
Apr 30, 2026
Tracked Since
Apr 30, 2026