PatchSiren

OPPO CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH OPPO CVE published 2026-06-29

CVE-2026-22078

CVE-2026-22078 is a HIGH-severity vulnerability in O+ Connect's IPC service. The IPC service does not authenticate clients, allowing external applications to escalate privileges and perform sensitive actions. This vulnerability has a CVSS score of 7.3. The CVE was published on June 29, 2026, and has not been modified since. The vendor, Unknown Vendor, has a low confidence level and needs review. Oppo is a [truncated]

HIGH OPPO CVE published 2026-05-19

CVE-2026-22069

A local privilege escalation vulnerability exists in O+ Connect because it fails to validate the identity of the caller on the pipe interface.

MEDIUM OPPO CVE published 2026-04-27

CVE-2026-22077

## Summary CVE-2026-22077 describes a trusted domain validation flaw in the OPPO Wallet application that enables attackers to bypass protected interface access restrictions. The vulnerability may result in account token hijacking and sensitive information disclosure. The issue carries a CVSS 4.0 score of 5.6 (MEDIUM severity) and was published on April 27, 2026, with a subsequent modification on May 19, 2 [truncated]