Description
ColorOS Assistant has an unauthenticated start-download channel, leading to file path traversal.
Published: 2026-04-30
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

ColorOS Assistant contains an unauthenticated end‑point that accepts download requests. The handler fails to validate the file path supplied by the caller, enabling a path‑traversal attack. An attacker can request any file on the device’s filesystem and read its contents, resulting in potential data exfiltration, privacy violations or the delivery of additional malicious payloads. The CVSS score of 7.1 reflects the high impact and remote nature of the vulnerability.

Affected Systems

The vulnerability is present in the OPPO ColorOS Assistant application on OPPO devices. No specific firmware or version information is provided, so the risk applies to all current releases that include the unauthenticated start‑download channel until a patch is released.

Risk and Exploitability

The vulnerability is exploitable by any entity that can invoke the assistant’s download channel, which is unauthenticated. An EPSS score of 0.00012 indicates a very low probability of exploitation, but the CVSS score indicates a serious threat. The issue is not listed in the CISA KEV catalog, but the path‑traversal flaw combined with unauthenticated access makes it a high‑priority risk for affected OPPO devices. An attacker could trigger the channel remotely—e.g., via a crafted network request or a malicious local application—to read arbitrary files without needing user interaction.

Generated by OpenCVE AI on May 5, 2026 at 04:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any available firmware update for OPPO ColorOS that resolves the unauthenticated start‑download channel flaw.
  • Disable or block the start‑download API in the assistant application to deny unauthenticated access.
  • Ensure that any file paths accepted by the download endpoint are properly normalized and validated against a whitelist to prevent traversal attacks.

Generated by OpenCVE AI on May 5, 2026 at 04:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 05 May 2026 03:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-22
CPEs cpe:2.3:a:oppo:coloros_assistant:1.4.26:*:*:*:*:*:*:*

Fri, 01 May 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Oppo
Oppo coloros Assistant
Vendors & Products Oppo
Oppo coloros Assistant

Thu, 30 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 30 Apr 2026 09:00:00 +0000

Type Values Removed Values Added
Description ColorOS Assistant has an unauthenticated start-download channel, leading to file path traversal.
Title ColorOS Assistant Path Traversal Vulnerability
Weaknesses CWE-23
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:H'}

Subscriptions

Oppo Coloros Assistant
cve-icon MITRE

Status: PUBLISHED

Assigner: OPPO

Published:

Updated: 2026-04-30T13:01:16.332Z

Reserved: 2026-01-06T06:15:53.764Z

Link: CVE-2026-22070

cve-icon Vulnrichment

Updated: 2026-04-30T13:01:12.210Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-30T09:16:02.917

Modified: 2026-05-05T02:53:05.280

Link: CVE-2026-22070

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-05T05:00:06Z

Weaknesses