CVE-2026-22077
Trusted Domain Validation Bypass in OPPO Wallet Enables Token Hijacking
Publication date: 2026-04-27
Last updated on: 2026-04-27
Assigner: OPPO Mobile Telecommunication Corp., Ltd.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oppo | wallet | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-346 | The product does not properly verify that the source of data or communication is valid. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability in OPPO Wallet APP allows attackers to bypass protected interface access restrictions, potentially leading to account token hijacking and sensitive information disclosure.
Such unauthorized access and disclosure of sensitive information could negatively impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive data against unauthorized access.
Can you explain this vulnerability to me?
The vulnerability in the OPPO Wallet APP is a trusted domain validation flaw. This flaw allows attackers to bypass the restrictions that protect certain interfaces within the app. As a result, attackers may be able to hijack account tokens and disclose sensitive information.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to gain unauthorized access to protected parts of the OPPO Wallet APP. Specifically, attackers could hijack your account tokens, which may lead to unauthorized transactions or access to your account. Additionally, sensitive information stored or accessible through the app could be exposed.