Platform: android
Component: owlfiles
Fixed in: 12.0.2
CVE-2022-50890 describes a path traversal vulnerability discovered in Owlfiles File Manager, specifically affecting version 12.0.1. This flaw allows unauthorized access to system directories on Android devices running the vulnerable software. Exploitation involves crafting malicious GET requests to bypass access controls and retrieve sensitive files. A fix is available, and users are strongly advised to update.
The path traversal vulnerability in Owlfiles File Manager allows an attacker to bypass intended access restrictions and directly access files and directories on the device's file system. By crafting GET requests that contain directory traversal sequences (e.g., ../), an attacker can navigate outside the intended web application root and access arbitrary files. This could include sensitive configuration files, user data, or even system binaries. The impact ranges from information disclosure to potential remote code execution if the attacker can leverage the accessed files to compromise the device further. While direct code execution is not explicitly stated, the ability to access system files significantly increases the attack surface.
CVE-2022-50890 was publicly disclosed on January 13, 2026. The vulnerability's simplicity and the widespread use of file manager applications on Android devices suggest a potential for exploitation. There is no indication of this CVE being added to the CISA KEV catalog or active exploitation campaigns at this time. Public proof-of-concept (POC) code may emerge, increasing the risk of exploitation.
Exploit Status
EPSS: 0.44% (63rd percentile)
The primary mitigation for CVE-2022-50890 is to upgrade Owlfiles File Manager to a patched version. Since a specific fixed version is not provided, it is crucial to monitor the vendor's official channels for updates. As a temporary workaround, restrict access to the file manager's HTTP server using a firewall or network segmentation. Consider implementing input validation and sanitization on all user-supplied input to prevent directory traversal attempts. Regularly review file system permissions to ensure that sensitive files are not accessible to unauthorized users or processes.
Update to the latest available version of Owlfiles File Manager to mitigate the path traversal vulnerability. Check for updates in the corresponding app store. Avoid opening files from untrusted sources until the update is applied.
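The containment check behind the input-validation advice above, shown next to the naive join it replaces. This is an added example, not Owlfiles code or a vendor patch; SERVE_ROOT, the function names and the sample requests are constructed assumptions, and Python stands in for the app's own language.

```python
import os
from urllib.parse import unquote

# Assumed served directory for the illustration; not the app's real path.
SERVE_ROOT = "/data/shared"

# Constructed request paths: two legitimate, three that try to leave the root.
SAMPLE_REQUESTS = [
    "/photos/cat.jpg",
    "/photos/../notes.txt",
    "/../../etc/hosts",
    "/%2e%2e/%2e%2e/etc/hosts",
    "/../shared-evil/x",
]

def naive_resolve(request_path, root=SERVE_ROOT):
    """Vulnerable pattern: join the URL path onto the root, no containment check."""
    return os.path.normpath(os.path.join(root, unquote(request_path).lstrip("/")))

def safe_resolve(request_path, root=SERVE_ROOT):
    """Return the canonical path to serve, or None if it falls outside the root."""
    decoded = unquote(request_path)  # decode exactly once, then validate the result
    if "\x00" in decoded:            # a NUL byte never belongs in a file path
        return None
    root_real = os.path.realpath(root)
    # realpath collapses ".." and follows symlinks before the comparison is made
    candidate = os.path.realpath(os.path.join(root_real, decoded.lstrip("/")))
    # commonpath compares whole components, so a sibling such as
    # /data/shared-evil does not pass as being inside /data/shared
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate

def compare(requests=SAMPLE_REQUESTS):
    """Resolve each request both ways so the difference is visible side by side."""
    return [(r, naive_resolve(r), safe_resolve(r)) for r in requests]

if __name__ == "__main__":
    for req, naive, safe in compare():
        print(f"{req:28} naive={naive:24} safe={safe}")
```

The check runs on the decoded, canonicalised path rather than on the raw request string, which is why the percent-encoded request is rejected the same way as the plain one.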
CVE-2022-50890 is a vulnerability in Owlfiles File Manager version 12.0.1 that allows attackers to access system directories by crafting malicious GET requests.
If you are using Owlfiles File Manager version 12.0.1, you are potentially affected by this vulnerability. Upgrade to a patched version as soon as it becomes available.
The recommended fix is to upgrade to a patched version of Owlfiles File Manager. Monitor the vendor's official channels for updates.
There is currently no confirmed evidence of active exploitation, but the vulnerability's simplicity suggests a potential for future attacks.
Refer to the Owlfiles File Manager official website or their security advisory page for the latest information and updates regarding CVE-2022-50890.