CVE Catalog

CVE-2026-22078

HighCVSS 7.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.09%

1th percentile — higher than 1% of all known CVEs

Summary

The vulnerability in O+ Connect's IPC service stems from a lack of client authentication. External applications can escalate privileges and perform sensitive actions through the IPC channel.

Risk Assessment

The organization is at risk of unauthorized access to sensitive system functions and potential application takeover by malicious software.

Recommendation

Immediately update O+ Connect to a version that introduces IPC client authentication. If a patch is unavailable, restrict access to the IPC channel using a firewall or access control lists.

Original NVD description (English source)

Because O+ Connect's IPC service does not authenticate clients, external applications can escalate privileges and perform sensitive actions through the IPC channel.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS