CVE-2026-22078

Description

Because O+ Connect's IPC service does not authenticate clients, external applications can escalate privileges and perform sensitive actions through the IPC channel.

References

• https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-2070415238859333632