CVE-2026-22078
HighCVSS 7.3Exploitation Probability (EPSS)
Low risk1th percentile — higher than 1% of all known CVEs
Summary
The vulnerability in O+ Connect's IPC service stems from a lack of client authentication. External applications can escalate privileges and perform sensitive actions through the IPC channel.
Risk Assessment
The organization is at risk of unauthorized access to sensitive system functions and potential application takeover by malicious software.
Recommendation
Immediately update O+ Connect to a version that introduces IPC client authentication. If a patch is unavailable, restrict access to the IPC channel using a firewall or access control lists.
Original NVD description (English source)
Because O+ Connect's IPC service does not authenticate clients, external applications can escalate privileges and perform sensitive actions through the IPC channel.

