CVE-2025-26426
published 2025-09-04
medium 5.1 (CVSS 3.1)
AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
In BroadcastController.java of registerReceiverWithFeatureTraced, there is a possible way to receive broadcasts meant for the "android" package due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| platform | frameworks_base | >= 13:0 < 13:2025-05-01 | 13:2025-05-01 |
| platform | frameworks_base | >= 14:0 < 14:2025-05-01 | 14:2025-05-01 |
| platform | frameworks_base | >= 15-next:0 < 15-next:2025-05-01 | 15-next:2025-05-01 |
| platform | frameworks_base | >= 15:0 < 15:2025-05-01 | 15:2025-05-01 |
GHSA
GHSA-8f6p-c2hj-q5qh: In BroadcastController
ghsa_unreviewed·2025-09-04
CVE-2025-26426 [MEDIUM] CWE-20 GHSA-8f6p-c2hj-q5qh: In BroadcastController
OSV
CVE-2025-26426: In BroadcastController
osv·2025-05-01
CVE-2025-26426 CVE-2025-26426: In BroadcastController
Android
CVE-2025-26426: Android Security Bulletin 2025-05-01
CVE: CVE-2025-26426
Severity: HIGH
Type: EoP
Affected AOSP versions: 13, 14, 15
References: A-310632322 [2]
vendor_android·2025-05-01·CVSS 5.1
CVE-2025-26426 [MEDIUM] CVE-2025-26426: Android Security Bulletin 2025-05-01
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-09-04