CVE-2026-22078
HIGHO+ Connect's lack of authentication for IPC channels led to a local privilege escalation vulnerability.
Title source: cnaDescription
Because O+ Connect's IPC service does not authenticate clients, external applications can escalate privileges and perform sensitive actions through the IPC channel.
References (1)
Core 1
Scores
CVSS v3
7.3
EPSS
0.0009
EPSS Percentile
0.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-266
Status
published
Products (1)
OPPO/O+ Connect
16.0.33
Published
Jun 29, 2026
Tracked Since
Jun 29, 2026