Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2026-AVI-0679
Vulnerability from certfr_avis - Published: 2026-06-02 - Updated: 2026-06-02
De multiples vulnérabilités ont été découvertes dans Google Android. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Google indique que la vulnérabilité CVE-2025-48595 est activement exploitée.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Android versions ant\u00e9rieures \u00e0 14, 15, 16, 16-qpr2 et Filet avant le correctif du 1er juin 2026",
"product": {
"name": "Android",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-0075",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0075"
},
{
"name": "CVE-2025-47384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47384"
},
{
"name": "CVE-2026-0046",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0046"
},
{
"name": "CVE-2026-20449",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20449"
},
{
"name": "CVE-2026-22167",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22167"
},
{
"name": "CVE-2026-0100",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0100"
},
{
"name": "CVE-2026-0042",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0042"
},
{
"name": "CVE-2026-21372",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21372"
},
{
"name": "CVE-2026-0087",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0087"
},
{
"name": "CVE-2026-21546",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21546"
},
{
"name": "CVE-2026-28574",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28574"
},
{
"name": "CVE-2026-0052",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0052"
},
{
"name": "CVE-2026-21378",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21378"
},
{
"name": "CVE-2025-71254",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71254"
},
{
"name": "CVE-2026-0091",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0091"
},
{
"name": "CVE-2025-48595",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48595"
},
{
"name": "CVE-2026-0088",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0088"
},
{
"name": "CVE-2026-21374",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21374"
},
{
"name": "CVE-2026-0016",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0016"
},
{
"name": "CVE-2026-0078",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0078"
},
{
"name": "CVE-2026-0048",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0048"
},
{
"name": "CVE-2025-59606",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59606"
},
{
"name": "CVE-2026-21736",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21736"
},
{
"name": "CVE-2026-28581",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28581"
},
{
"name": "CVE-2026-0044",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0044"
},
{
"name": "CVE-2025-47401",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47401"
},
{
"name": "CVE-2026-0051",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0051"
},
{
"name": "CVE-2026-21547",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21547"
},
{
"name": "CVE-2025-26418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26418"
},
{
"name": "CVE-2026-21544",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21544"
},
{
"name": "CVE-2026-0050",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0050"
},
{
"name": "CVE-2026-0096",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0096"
},
{
"name": "CVE-2026-0055",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0055"
},
{
"name": "CVE-2026-0086",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0086"
},
{
"name": "CVE-2026-0061",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0061"
},
{
"name": "CVE-2026-0043",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0043"
},
{
"name": "CVE-2026-20431",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20431"
},
{
"name": "CVE-2026-21373",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21373"
},
{
"name": "CVE-2025-48570",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48570"
},
{
"name": "CVE-2026-20433",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20433"
},
{
"name": "CVE-2026-0056",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0056"
},
{
"name": "CVE-2026-0095",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0095"
},
{
"name": "CVE-2026-21541",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21541"
},
{
"name": "CVE-2026-20432",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20432"
},
{
"name": "CVE-2026-0076",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0076"
},
{
"name": "CVE-2025-47400",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47400"
},
{
"name": "CVE-2025-48600",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48600"
},
{
"name": "CVE-2026-0009",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0009"
},
{
"name": "CVE-2026-0070",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0070"
},
{
"name": "CVE-2026-0039",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0039"
},
{
"name": "CVE-2026-21542",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21542"
},
{
"name": "CVE-2026-28586",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28586"
},
{
"name": "CVE-2026-21353",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21353"
},
{
"name": "CVE-2026-0036",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0036"
},
{
"name": "CVE-2026-0069",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0069"
},
{
"name": "CVE-2025-48649",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48649"
},
{
"name": "CVE-2026-21545",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21545"
},
{
"name": "CVE-2026-0059",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0059"
},
{
"name": "CVE-2025-71255",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71255"
},
{
"name": "CVE-2025-64505",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64505"
},
{
"name": "CVE-2026-28577",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28577"
},
{
"name": "CVE-2025-48648",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48648"
},
{
"name": "CVE-2026-0077",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0077"
},
{
"name": "CVE-2025-48612",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48612"
},
{
"name": "CVE-2026-0060",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0060"
},
{
"name": "CVE-2025-71256",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71256"
},
{
"name": "CVE-2026-21367",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21367"
},
{
"name": "CVE-2025-71253",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71253"
},
{
"name": "CVE-2026-0079",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0079"
},
{
"name": "CVE-2026-0099",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0099"
},
{
"name": "CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"name": "CVE-2026-21538",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21538"
},
{
"name": "CVE-2026-28580",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28580"
},
{
"name": "CVE-2026-28578",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28578"
},
{
"name": "CVE-2025-48652",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48652"
},
{
"name": "CVE-2026-24089",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24089"
},
{
"name": "CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"name": "CVE-2026-21376",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21376"
},
{
"name": "CVE-2026-21540",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21540"
},
{
"name": "CVE-2026-20455",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20455"
},
{
"name": "CVE-2026-20448",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20448"
},
{
"name": "CVE-2026-0074",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0074"
},
{
"name": "CVE-2025-48581",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48581"
},
{
"name": "CVE-2025-22426",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22426"
},
{
"name": "CVE-2026-21375",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21375"
},
{
"name": "CVE-2025-40214",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40214"
},
{
"name": "CVE-2026-21352",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21352"
},
{
"name": "CVE-2026-21543",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21543"
},
{
"name": "CVE-2026-0093",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0093"
},
{
"name": "CVE-2026-21381",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21381"
},
{
"name": "CVE-2025-71252",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71252"
},
{
"name": "CVE-2026-20435",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20435"
},
{
"name": "CVE-2025-32348",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32348"
},
{
"name": "CVE-2025-48616",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48616"
},
{
"name": "CVE-2025-47392",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47392"
},
{
"name": "CVE-2026-20447",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20447"
},
{
"name": "CVE-2026-25277",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25277"
},
{
"name": "CVE-2026-0094",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0094"
},
{
"name": "CVE-2026-22163",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22163"
},
{
"name": "CVE-2026-25276",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25276"
},
{
"name": "CVE-2026-0045",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0045"
},
{
"name": "CVE-2026-20454",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20454"
},
{
"name": "CVE-2026-0067",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0067"
},
{
"name": "CVE-2025-48615",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48615"
},
{
"name": "CVE-2026-21539",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21539"
},
{
"name": "CVE-2026-0085",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0085"
},
{
"name": "CVE-2026-0097",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0097"
},
{
"name": "CVE-2026-0089",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0089"
},
{
"name": "CVE-2025-71251",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71251"
},
{
"name": "CVE-2025-59604",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59604"
},
{
"name": "CVE-2025-59605",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59605"
},
{
"name": "CVE-2026-0018",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0018"
},
{
"name": "CVE-2025-47403",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47403"
},
{
"name": "CVE-2026-0098",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0098"
},
{
"name": "CVE-2026-21380",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21380"
},
{
"name": "CVE-2026-0080",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0080"
},
{
"name": "CVE-2026-20450",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20450"
},
{
"name": "CVE-2026-0041",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0041"
},
{
"name": "CVE-2026-0040",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0040"
},
{
"name": "CVE-2026-24085",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24085"
},
{
"name": "CVE-2026-20453",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20453"
},
{
"name": "CVE-2025-22424",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22424"
}
],
"initial_release_date": "2026-06-02T00:00:00",
"last_revision_date": "2026-06-02T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0679",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-06-02T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Android. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n\nGoogle indique que la vuln\u00e9rabilit\u00e9 CVE-2025-48595 est activement exploit\u00e9e.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android",
"vendor_advisories": [
{
"published_at": "2026-06-01",
"title": "Bulletin de s\u00e9curit\u00e9 Google Android",
"url": "https://source.android.com/docs/security/bulletin/2026/2026-06-01?hl=fr"
}
]
}
CVE-2026-0094 (GCVE-0-2026-0094)
Vulnerability from cvelistv5 – Published: 2026-06-01 21:14 – Updated: 2026-06-02 03:56
VLAI
EPSS
Summary
In getApplicationLabel of KeyChainActivity.java, there is a possible way to trick the user into approving access to certificates due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Elevation of privilege
- CWE-451 - User Interface (UI) Misrepresentation of Critical Information
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-0094",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-01T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-451",
"description": "CWE-451 User Interface (UI) Misrepresentation of Critical Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T03:56:20.008Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "16-qpr2"
},
{
"status": "affected",
"version": "16"
},
{
"status": "affected",
"version": "15"
},
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In getApplicationLabel of KeyChainActivity.java, there is a possible way to trick the user into approving access to certificates due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T21:14:55.139Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/2026/2026-06-01"
}
],
"x_generator": {
"engine": "cvelib 1.7.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2026-0094",
"datePublished": "2026-06-01T21:14:55.139Z",
"dateReserved": "2025-10-15T15:42:54.883Z",
"dateUpdated": "2026-06-02T03:56:20.008Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0095 (GCVE-0-2026-0095)
Vulnerability from cvelistv5 – Published: 2026-06-01 21:14 – Updated: 2026-06-02 03:56
VLAI
EPSS
Summary
In l2c_fcr_clone_buf of l2c_fcr.cc, there is a possible way to trigger controlled heap corruption within the privileged Bluetooth process due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Elevation of privilege
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-0095",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-01T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T03:56:18.869Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "16-qpr2"
},
{
"status": "affected",
"version": "16"
},
{
"status": "affected",
"version": "15"
},
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In l2c_fcr_clone_buf of l2c_fcr.cc, there is a possible way to trigger controlled heap corruption within the privileged Bluetooth process due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T21:14:55.239Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/2026/2026-06-01"
}
],
"x_generator": {
"engine": "cvelib 1.7.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2026-0095",
"datePublished": "2026-06-01T21:14:55.239Z",
"dateReserved": "2025-10-15T15:42:56.290Z",
"dateUpdated": "2026-06-02T03:56:18.869Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0096 (GCVE-0-2026-0096)
Vulnerability from cvelistv5 – Published: 2026-06-01 21:14 – Updated: 2026-06-02 03:56
VLAI
EPSS
Summary
In getAppLabel of ForgetDeviceDialogFragment.java, there is a possible trick the user into forgetting a device due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Elevation of privilege
- CWE-451 - User Interface (UI) Misrepresentation of Critical Information
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-0096",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-01T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-451",
"description": "CWE-451 User Interface (UI) Misrepresentation of Critical Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T03:56:17.578Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "16-qpr2"
},
{
"status": "affected",
"version": "16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In getAppLabel of ForgetDeviceDialogFragment.java, there is a possible trick the user into forgetting a device due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T21:14:55.332Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/2026/2026-06-01"
}
],
"x_generator": {
"engine": "cvelib 1.7.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2026-0096",
"datePublished": "2026-06-01T21:14:55.332Z",
"dateReserved": "2025-10-15T15:42:57.649Z",
"dateUpdated": "2026-06-02T03:56:17.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0097 (GCVE-0-2026-0097)
Vulnerability from cvelistv5 – Published: 2026-06-01 21:14 – Updated: 2026-06-02 03:56
VLAI
EPSS
Summary
In multiple locations, there is a possible way to bypass user interaction when pairing an LE device due to a logic error. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Elevation of privilege
- CWE-693 - Protection Mechanism Failure
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-0097",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-01T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693 Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T03:56:16.361Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "16-qpr2"
},
{
"status": "affected",
"version": "16"
},
{
"status": "affected",
"version": "15"
},
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In multiple locations, there is a possible way to bypass user interaction when pairing an LE device due to a logic error. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T21:14:55.421Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/2026/2026-06-01"
}
],
"x_generator": {
"engine": "cvelib 1.7.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2026-0097",
"datePublished": "2026-06-01T21:14:55.421Z",
"dateReserved": "2025-10-15T15:42:59.369Z",
"dateUpdated": "2026-06-02T03:56:16.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0098 (GCVE-0-2026-0098)
Vulnerability from cvelistv5 – Published: 2026-06-01 21:14 – Updated: 2026-06-02 03:56
VLAI
EPSS
Summary
In getCallingPackageName of Shared.java, there is a possible way to bypass activity start restrictions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Elevation of privilege
- CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-0098",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-01T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-441",
"description": "CWE-441 Unintended Proxy or Intermediary (\u0027Confused Deputy\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T03:56:15.194Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "16-qpr2"
},
{
"status": "affected",
"version": "16"
},
{
"status": "affected",
"version": "15"
},
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In getCallingPackageName of Shared.java, there is a possible way to bypass activity start restrictions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T21:14:55.519Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/2026/2026-06-01"
}
],
"x_generator": {
"engine": "cvelib 1.7.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2026-0098",
"datePublished": "2026-06-01T21:14:55.519Z",
"dateReserved": "2025-10-15T15:43:00.826Z",
"dateUpdated": "2026-06-02T03:56:15.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0099 (GCVE-0-2026-0099)
Vulnerability from cvelistv5 – Published: 2026-06-01 21:14 – Updated: 2026-06-02 03:56
VLAI
EPSS
Summary
In onNullBinding of HostEmulationManager.java, there is a possible way to launch an activity from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Elevation of privilege
- CWE-noinfo Not enough information
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-0099",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-01T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T03:56:14.051Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "16-qpr2"
},
{
"status": "affected",
"version": "16"
},
{
"status": "affected",
"version": "15"
},
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In onNullBinding of HostEmulationManager.java, there is a possible way to launch an activity from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T21:14:55.610Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/2026/2026-06-01"
}
],
"x_generator": {
"engine": "cvelib 1.7.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2026-0099",
"datePublished": "2026-06-01T21:14:55.610Z",
"dateReserved": "2025-10-15T15:43:02.326Z",
"dateUpdated": "2026-06-02T03:56:14.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0100 (GCVE-0-2026-0100)
Vulnerability from cvelistv5 – Published: 2026-06-01 21:14 – Updated: 2026-06-02 03:56
VLAI
EPSS
Summary
In Load of LoadedArsc.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Elevation of privilege
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-0100",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-01T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T03:56:12.954Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "16-qpr2"
},
{
"status": "affected",
"version": "16"
},
{
"status": "affected",
"version": "15"
},
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Load of LoadedArsc.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T21:14:55.715Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/2026/2026-06-01"
}
],
"x_generator": {
"engine": "cvelib 1.7.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2026-0100",
"datePublished": "2026-06-01T21:14:55.715Z",
"dateReserved": "2025-10-15T15:43:03.878Z",
"dateUpdated": "2026-06-02T03:56:12.954Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20431 (GCVE-0-2026-20431)
Vulnerability from cvelistv5 – Published: 2026-04-07 03:25 – Updated: 2026-04-07 12:59
VLAI
EPSS
Summary
In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01106496; Issue ID: MSV-4467.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
- CWE-noinfo Not enough information
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MediaTek, Inc. | MediaTek chipset |
Affected:
MT6813
Affected: MT6815 Affected: MT6835 Affected: MT6878 Affected: MT6897 Affected: MT6899 Affected: MT6986 Affected: MT6991 Affected: MT6993 Affected: MT8668 Affected: MT8676 Affected: MT8678 Affected: MT8755 Affected: MT8775 Affected: MT8792 Affected: MT8793 Affected: MT8863 Affected: MT8873 Affected: MT8883 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-20431",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-07T12:59:15.295899Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T12:59:17.543Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MediaTek chipset",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "MT6813"
},
{
"status": "affected",
"version": "MT6815"
},
{
"status": "affected",
"version": "MT6835"
},
{
"status": "affected",
"version": "MT6878"
},
{
"status": "affected",
"version": "MT6897"
},
{
"status": "affected",
"version": "MT6899"
},
{
"status": "affected",
"version": "MT6986"
},
{
"status": "affected",
"version": "MT6991"
},
{
"status": "affected",
"version": "MT6993"
},
{
"status": "affected",
"version": "MT8668"
},
{
"status": "affected",
"version": "MT8676"
},
{
"status": "affected",
"version": "MT8678"
},
{
"status": "affected",
"version": "MT8755"
},
{
"status": "affected",
"version": "MT8775"
},
{
"status": "affected",
"version": "MT8792"
},
{
"status": "affected",
"version": "MT8793"
},
{
"status": "affected",
"version": "MT8863"
},
{
"status": "affected",
"version": "MT8873"
},
{
"status": "affected",
"version": "MT8883"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01106496; Issue ID: MSV-4467."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T03:25:28.491Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/April-2026"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2026-20431",
"datePublished": "2026-04-07T03:25:28.491Z",
"dateReserved": "2025-11-03T01:30:59.011Z",
"dateUpdated": "2026-04-07T12:59:17.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20432 (GCVE-0-2026-20432)
Vulnerability from cvelistv5 – Published: 2026-04-07 03:25 – Updated: 2026-04-08 03:55
VLAI
EPSS
Summary
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01406170; Issue ID: MSV-4461.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MediaTek, Inc. | MediaTek chipset |
Affected:
MT2735
Affected: MT2737 Affected: MT6779 Affected: MT6781 Affected: MT6783 Affected: MT6785 Affected: MT6789 Affected: MT6813 Affected: MT6815 Affected: MT6833 Affected: MT6835 Affected: MT6853 Affected: MT6855 Affected: MT6873 Affected: MT6875 Affected: MT6877 Affected: MT6878 Affected: MT6879 Affected: MT6880 Affected: MT6883 Affected: MT6885 Affected: MT6886 Affected: MT6889 Affected: MT6890 Affected: MT6891 Affected: MT6893 Affected: MT6895 Affected: MT6896 Affected: MT6897 Affected: MT6899 Affected: MT6980 Affected: MT6983 Affected: MT6985 Affected: MT6989 Affected: MT6990 Affected: MT6991 Affected: MT6993 Affected: MT8668 Affected: MT8673 Affected: MT8675 Affected: MT8676 Affected: MT8678 Affected: MT8755 Affected: MT8771 Affected: MT8775 Affected: MT8781 Affected: MT8789 Affected: MT8791 Affected: MT8791T Affected: MT8792 Affected: MT8793 Affected: MT8795T Affected: MT8797 Affected: MT8798 Affected: MT8863 Affected: MT8873 Affected: MT8883 Affected: MT8893 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-20432",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-07T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T03:55:25.369Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MediaTek chipset",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "MT2735"
},
{
"status": "affected",
"version": "MT2737"
},
{
"status": "affected",
"version": "MT6779"
},
{
"status": "affected",
"version": "MT6781"
},
{
"status": "affected",
"version": "MT6783"
},
{
"status": "affected",
"version": "MT6785"
},
{
"status": "affected",
"version": "MT6789"
},
{
"status": "affected",
"version": "MT6813"
},
{
"status": "affected",
"version": "MT6815"
},
{
"status": "affected",
"version": "MT6833"
},
{
"status": "affected",
"version": "MT6835"
},
{
"status": "affected",
"version": "MT6853"
},
{
"status": "affected",
"version": "MT6855"
},
{
"status": "affected",
"version": "MT6873"
},
{
"status": "affected",
"version": "MT6875"
},
{
"status": "affected",
"version": "MT6877"
},
{
"status": "affected",
"version": "MT6878"
},
{
"status": "affected",
"version": "MT6879"
},
{
"status": "affected",
"version": "MT6880"
},
{
"status": "affected",
"version": "MT6883"
},
{
"status": "affected",
"version": "MT6885"
},
{
"status": "affected",
"version": "MT6886"
},
{
"status": "affected",
"version": "MT6889"
},
{
"status": "affected",
"version": "MT6890"
},
{
"status": "affected",
"version": "MT6891"
},
{
"status": "affected",
"version": "MT6893"
},
{
"status": "affected",
"version": "MT6895"
},
{
"status": "affected",
"version": "MT6896"
},
{
"status": "affected",
"version": "MT6897"
},
{
"status": "affected",
"version": "MT6899"
},
{
"status": "affected",
"version": "MT6980"
},
{
"status": "affected",
"version": "MT6983"
},
{
"status": "affected",
"version": "MT6985"
},
{
"status": "affected",
"version": "MT6989"
},
{
"status": "affected",
"version": "MT6990"
},
{
"status": "affected",
"version": "MT6991"
},
{
"status": "affected",
"version": "MT6993"
},
{
"status": "affected",
"version": "MT8668"
},
{
"status": "affected",
"version": "MT8673"
},
{
"status": "affected",
"version": "MT8675"
},
{
"status": "affected",
"version": "MT8676"
},
{
"status": "affected",
"version": "MT8678"
},
{
"status": "affected",
"version": "MT8755"
},
{
"status": "affected",
"version": "MT8771"
},
{
"status": "affected",
"version": "MT8775"
},
{
"status": "affected",
"version": "MT8781"
},
{
"status": "affected",
"version": "MT8789"
},
{
"status": "affected",
"version": "MT8791"
},
{
"status": "affected",
"version": "MT8791T"
},
{
"status": "affected",
"version": "MT8792"
},
{
"status": "affected",
"version": "MT8793"
},
{
"status": "affected",
"version": "MT8795T"
},
{
"status": "affected",
"version": "MT8797"
},
{
"status": "affected",
"version": "MT8798"
},
{
"status": "affected",
"version": "MT8863"
},
{
"status": "affected",
"version": "MT8873"
},
{
"status": "affected",
"version": "MT8883"
},
{
"status": "affected",
"version": "MT8893"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01406170; Issue ID: MSV-4461."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T03:25:30.263Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/April-2026"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2026-20432",
"datePublished": "2026-04-07T03:25:30.263Z",
"dateReserved": "2025-11-03T01:30:59.011Z",
"dateUpdated": "2026-04-08T03:55:25.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20433 (GCVE-0-2026-20433)
Vulnerability from cvelistv5 – Published: 2026-04-07 03:25 – Updated: 2026-04-08 03:55
VLAI
EPSS
Summary
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01088681; Issue ID: MSV-4460.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MediaTek, Inc. | MediaTek chipset |
Affected:
MT2735
Affected: MT2737 Affected: MT6813 Affected: MT6833 Affected: MT6833P Affected: MT6835 Affected: MT6835T Affected: MT6853 Affected: MT6853T Affected: MT6855 Affected: MT6855T Affected: MT6873 Affected: MT6875 Affected: MT6875T Affected: MT6877 Affected: MT6877T Affected: MT6877TT Affected: MT6878 Affected: MT6878M Affected: MT6879 Affected: MT6880 Affected: MT6883 Affected: MT6885 Affected: MT6886 Affected: MT6889 Affected: MT6890 Affected: MT6891 Affected: MT6893 Affected: MT6895 Affected: MT6895TT Affected: MT6896 Affected: MT6897 Affected: MT6899 Affected: MT6980 Affected: MT6980D Affected: MT6983 Affected: MT6983T Affected: MT6985 Affected: MT6985T Affected: MT6989 Affected: MT6989T Affected: MT6990 Affected: MT6991 Affected: MT8668 Affected: MT8673 Affected: MT8675 Affected: MT8676 Affected: MT8678 Affected: MT8755 Affected: MT8771 Affected: MT8775 Affected: MT8791 Affected: MT8791T Affected: MT8792 Affected: MT8793 Affected: MT8795T Affected: MT8797 Affected: MT8798 Affected: MT8863 Affected: MT8873 Affected: MT8883 Affected: MT8893 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-20433",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-07T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T03:55:26.543Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MediaTek chipset",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "MT2735"
},
{
"status": "affected",
"version": "MT2737"
},
{
"status": "affected",
"version": "MT6813"
},
{
"status": "affected",
"version": "MT6833"
},
{
"status": "affected",
"version": "MT6833P"
},
{
"status": "affected",
"version": "MT6835"
},
{
"status": "affected",
"version": "MT6835T"
},
{
"status": "affected",
"version": "MT6853"
},
{
"status": "affected",
"version": "MT6853T"
},
{
"status": "affected",
"version": "MT6855"
},
{
"status": "affected",
"version": "MT6855T"
},
{
"status": "affected",
"version": "MT6873"
},
{
"status": "affected",
"version": "MT6875"
},
{
"status": "affected",
"version": "MT6875T"
},
{
"status": "affected",
"version": "MT6877"
},
{
"status": "affected",
"version": "MT6877T"
},
{
"status": "affected",
"version": "MT6877TT"
},
{
"status": "affected",
"version": "MT6878"
},
{
"status": "affected",
"version": "MT6878M"
},
{
"status": "affected",
"version": "MT6879"
},
{
"status": "affected",
"version": "MT6880"
},
{
"status": "affected",
"version": "MT6883"
},
{
"status": "affected",
"version": "MT6885"
},
{
"status": "affected",
"version": "MT6886"
},
{
"status": "affected",
"version": "MT6889"
},
{
"status": "affected",
"version": "MT6890"
},
{
"status": "affected",
"version": "MT6891"
},
{
"status": "affected",
"version": "MT6893"
},
{
"status": "affected",
"version": "MT6895"
},
{
"status": "affected",
"version": "MT6895TT"
},
{
"status": "affected",
"version": "MT6896"
},
{
"status": "affected",
"version": "MT6897"
},
{
"status": "affected",
"version": "MT6899"
},
{
"status": "affected",
"version": "MT6980"
},
{
"status": "affected",
"version": "MT6980D"
},
{
"status": "affected",
"version": "MT6983"
},
{
"status": "affected",
"version": "MT6983T"
},
{
"status": "affected",
"version": "MT6985"
},
{
"status": "affected",
"version": "MT6985T"
},
{
"status": "affected",
"version": "MT6989"
},
{
"status": "affected",
"version": "MT6989T"
},
{
"status": "affected",
"version": "MT6990"
},
{
"status": "affected",
"version": "MT6991"
},
{
"status": "affected",
"version": "MT8668"
},
{
"status": "affected",
"version": "MT8673"
},
{
"status": "affected",
"version": "MT8675"
},
{
"status": "affected",
"version": "MT8676"
},
{
"status": "affected",
"version": "MT8678"
},
{
"status": "affected",
"version": "MT8755"
},
{
"status": "affected",
"version": "MT8771"
},
{
"status": "affected",
"version": "MT8775"
},
{
"status": "affected",
"version": "MT8791"
},
{
"status": "affected",
"version": "MT8791T"
},
{
"status": "affected",
"version": "MT8792"
},
{
"status": "affected",
"version": "MT8793"
},
{
"status": "affected",
"version": "MT8795T"
},
{
"status": "affected",
"version": "MT8797"
},
{
"status": "affected",
"version": "MT8798"
},
{
"status": "affected",
"version": "MT8863"
},
{
"status": "affected",
"version": "MT8873"
},
{
"status": "affected",
"version": "MT8883"
},
{
"status": "affected",
"version": "MT8893"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01088681; Issue ID: MSV-4460."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T03:25:32.066Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/April-2026"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2026-20433",
"datePublished": "2026-04-07T03:25:32.066Z",
"dateReserved": "2025-11-03T01:30:59.011Z",
"dateUpdated": "2026-04-08T03:55:26.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…