CVE-2022-50890

HighPublic PoC

Published: 13 January 2026

Published

13 January 2026

Modified

29 January 2026

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score 0.0044 63.4th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-50890 is a high-severity Path Traversal (CWE-22) vulnerability in Skyjos Owlfiles. Its CVSS base score is 7.5 (High).

Operationally, ranked in the top 36.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

SI-10 Information Input Validation

addresses: CWE-22

Validates pathnames and filenames to prevent traversal outside intended directories.

NVD Description

Owlfiles File Manager 12.0.1 contains a path traversal vulnerability in its built-in HTTP server that allows attackers to access system directories. Attackers can exploit the vulnerability by crafting GET requests with directory traversal sequences to access restricted system directories on…

the device.

Deeper analysisAI

CVE-2022-50890 is a path traversal vulnerability (CWE-22) in Owlfiles File Manager version 12.0.1. The flaw affects the application's built-in HTTP server, enabling attackers to access restricted system directories on the device through specially crafted requests. Published on 2026-01-13, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high confidentiality impact.

Remote attackers can exploit the vulnerability without authentication, privileges, or user interaction by sending GET requests containing directory traversal sequences, such as ../ patterns. Successful exploitation allows reading contents of system directories, potentially exposing sensitive files on the targeted device.

Advisories and mitigation guidance are detailed in resources including the VulnCheck advisory at https://www.vulncheck.com/advisories/owlfiles-file-manager-path-traversal, while a proof-of-concept exploit is publicly available on Exploit-DB at https://www.exploit-db.com/exploits/51036. Additional context appears on the Owlfiles App Store page (https://apps.apple.com/us/app/owlfiles-file-manager/id510282524) and https://www.skyjos.com/.

Details

CWE(s): CWE-22

Affected Products

skyjos

owlfiles

12.0.1

CVEs Like This One

CVE-2026-20688Same product: Apple Ipados

CVE-2026-20615Same product: Apple Ipados

CVE-2026-20660Same product: Apple Ipados

CVE-2025-24230Same product: Apple Ipados

CVE-2025-31281Same product: Apple Ipados

CVE-2025-24243Same product: Apple Ipados

CVE-2025-24211Same product: Apple Ipados

CVE-2025-24190Same product: Apple Ipados

CVE-2025-24173Same product: Apple Ipados

CVE-2025-30471Same product: Apple Ipados

References

https://apps.apple.com/us/app/owlfiles-file-manager/id510282524
Product · disclosure@vulncheck.com
https://www.exploit-db.com/exploits/51036
Exploit · disclosure@vulncheck.com
https://www.skyjos.com/
Product · disclosure@vulncheck.com
https://www.vulncheck.com/advisories/owlfiles-file-manager-path-traversal
Third Party Advisory · disclosure@vulncheck.com
https://www.exploit-db.com/exploits/51036
Exploit · 134c704f-9b21-4f2e-91b3-4a467353bcc0