Critical Remote Code Execution Vulnerability Discovered in Google Android

A vulnerability was discovered in Google Android that allows a remote attacker to execute arbitrary code. The flaw was reported on May 5, 2026, as detailed in the security advisory CERTFR-2026-AVI-0534 issued by the French government's CERT (ANSSI). No specific CVE identifier, affected Android versions, or technical details about the exploitation mechanism were provided in the notice. The impact is limited to remote code execution, enabling unauthorized control over vulnerable devices. The advisory does not mention any observed exploitation in the wild or mitigation steps.