CVE-2026-0124

10.0

Critical

Published:10 Mar 2026

Last updated:17 Jun 2026

Source:dsap-vuln-management@google.com

Analyzed

Weakness (CWE)

CWE-787Out-of-bounds Write

CVSS Vector

v4.0

Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: None
User Interaction: None
Confidentiality (Vulnerable): High
Integrity (Vulnerable): High
Availability (Vulnerable): High
Confidentiality (Subsequent): High
Integrity (Subsequent): High
Availability (Subsequent): High

View on MITRE Find PoC on GitHub

Description

There is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

dsap-vuln-management@google.com

https://source.android.com/docs/security/bulletin/pixel/2026/2026-03-01