CVE-2026-0046 in Androidinformation

Résumé

par MITRE • 02/06/2026

In InputInterceptor of Letterbox.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

Google Android

Réserver

15/10/2025

Divulgation

02/06/2026

Modérer

accepté

Entrée

VDB-367835

CPE

prêt

CWE

CWE-275 (confirmé)

CVSS

7.8 (VulDB)

EPSS

0.00005

KEV

non

Activités

très faible

Secteur

Lawfirm, Homeoffice, ...

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-0046
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-0046
CVE Details	https://www.cvedetails.com/cve/CVE-2026-0046/

◂ Précédent Aperçu Suivant ▸

Interested in the pricing of exploits?

See the underground prices here!