CVE-2022-50919

9.8 CRITICAL

📋 TL;DR

CVE-2022-50919 is an unauthenticated remote code execution vulnerability in Tdarr's Help terminal that allows attackers to inject arbitrary commands. Attackers can chain commands to execute malicious code without authentication, potentially compromising the entire system. All users running vulnerable Tdarr versions are affected.

💻 Affected Systems

Products:
  • Tdarr
Versions: 2.00.15 and earlier versions
Operating Systems: All platforms running Tdarr
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations are vulnerable. The Help terminal feature is enabled by default and accessible without authentication.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to install malware, exfiltrate data, pivot to other systems, or deploy ransomware across the network.

🟠 Likely Case

Attackers gain an initial foothold on the system, install cryptocurrency miners or backdoors, and potentially access sensitive media processing data.

🟢 If Mitigated

Limited impact with proper network segmentation and access controls, potentially only affecting the Tdarr application container.

🌐 Internet-Facing: HIGH - Unauthenticated RCE with public exploit available makes internet-facing instances immediate targets for automated attacks.
🏢 Internal Only: MEDIUM - Internal instances still vulnerable to insider threats or compromised internal systems, but less exposed to mass scanning.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit available on Exploit-DB (50822) with simple command injection payloads. Attack requires no authentication and minimal technical skill.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.00.16 and later

Vendor Advisory: https://tdarr.io

Restart Required: Yes

Instructions:

1. Stop the Tdarr service.
2. Update to version 2.00.16 or later via package manager or manual download.
3. Restart the Tdarr service.
4. Verify that the version is updated.

🔧 Temporary Workarounds

Disable Help Terminal (platform: all)

Disable the vulnerable Help terminal feature if immediate patching isn't possible.

Modify the Tdarr configuration to disable the Help terminal or restrict access to it.

Network Access Control (platform: linux)

Restrict network access to the Tdarr instance using firewall rules. The ACCEPT rule for trusted sources must come before the DROP rule; since -A appends, check that no earlier rule in the INPUT chain already accepts this port.

iptables -A INPUT -p tcp --dport [Tdarr_port] -s [trusted_ips] -j ACCEPT
iptables -A INPUT -p tcp --dport [Tdarr_port] -j DROP

🧯 If You Can't Patch

  • Isolate Tdarr instance on separate VLAN with strict network segmentation
  • Implement application-level firewall or WAF with command injection detection rules

🔍 How to Verify

Check if Vulnerable:

Check Tdarr version via web interface or configuration file. Versions 2.00.15 and earlier are vulnerable.

Check Version:

Check Tdarr web interface dashboard or configuration files for version information

Verify Fix Applied:

Verify that the version is 2.00.16 or later. Attempts to inject a command through the Help terminal (e.g. '--help; echo test') should fail.

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution in Tdarr logs
  • Multiple failed command injection attempts
  • Suspicious Help terminal usage patterns

Network Indicators:

  • Outbound connections from Tdarr to unusual destinations
  • Command and control traffic patterns
  • Unexpected file downloads

SIEM Query:

source="tdarr.log" AND ("--help;" OR "|" OR ";" OR "&&" OR command injection patterns)

Scope the query to Help terminal events before alerting on it; bare "|" and ";" match many ordinary log lines and will be noisy on their own.
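The detection logic above as a small scanner over constructed sample log lines. This is an added example, not part of the advisory or of Tdarr; the log line format ("help-terminal cmd=...") is an assumption and must be adapted to the real Tdarr log output.

```python
import re

# Constructed sample log lines (not real Tdarr output). The format
# "<timestamp> <level> help-terminal cmd=<argument>" is an assumption.
SAMPLE_LOG = """\
2022-03-01T10:00:01Z INFO help-terminal cmd=--help
2022-03-01T10:00:07Z INFO help-terminal cmd=--version
2022-03-01T10:01:12Z INFO help-terminal cmd=--help; echo test
2022-03-01T10:01:40Z INFO help-terminal cmd=--help && true
2022-03-01T10:02:03Z INFO help-terminal cmd=--help | true
2022-03-01T10:02:30Z INFO worker transcode id=42 status=ok; queued=3
"""

# Shell metacharacters that let an argument escape the intended command.
META = re.compile(r"[;&|`$<>]")

# Only Help terminal events are in scope: other log lines (e.g. the worker
# line above) legitimately contain ';' and would otherwise cause noise.
HELP_LINE = re.compile(r"help-terminal cmd=(?P<cmd>.*)$")


def is_suspicious(cmd: str) -> bool:
    """True if the Help terminal argument carries shell metacharacters."""
    return META.search(cmd) is not None


def scan(log_text: str) -> list:
    """Return one finding per Help terminal line whose argument looks injected."""
    findings = []
    for line in log_text.splitlines():
        m = HELP_LINE.search(line)
        if not m:
            continue
        cmd = m.group("cmd")
        if is_suspicious(cmd):
            findings.append({"timestamp": line.split(" ", 1)[0], "cmd": cmd})
    return findings


def repeated_attempts(findings: list, threshold: int = 3) -> bool:
    """Flag the 'multiple injection attempts' indicator from the advisory."""
    return len(findings) >= threshold


if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for hit in hits:
        print(f"{hit['timestamp']} suspicious Help terminal argument: {hit['cmd']!r}")
    print("repeated attempts:", repeated_attempts(hits))
```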
