10
CVE-2026-0068
- EPSS 0.12%
- Veröffentlicht 17.06.2026 06:49:10
- Zuletzt bearbeitet 17.06.2026 06:49:10
- Quelle baff130e-b8d5-4e15-b3d3-c3cf5d
- CVE-Watchlists
- Unerledigt
In createSessionInternal of PackageInstallerService.java, there is a possible method to remove a DPC app from a managed device without DO consent due to desync from persistence. This could lead to local escalation of privilege if a user can install a malicious app with no additional execution privileges needed. User interaction is needed for exploitation.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerGoogle
≫
Produkt
Android
Default Statusunaffected
Version
17
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.024 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| baff130e-b8d5-4e15-b3d3-c3cf5d5545c6 | 10 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
|
https://source.android.com/docs/security/bulletin/android-17