Google Android vulnerabilities
9,713 known vulnerabilities affecting google/android.
Total CVEs: 9,713
CISA KEV: 49 (actively exploited)
Public exploits: 89
Exploited in wild: 44
Severity breakdown: CRITICAL 883, HIGH 5220, MEDIUM 3343, LOW 265, UNKNOWN 2
Vulnerabilities
CVE-2026-0023 | HIGH | CVSS 7.8 | CWE-269 | v14.0, v15.0, +5 more | 2026-03-02
In createSessionInternal of PackageInstallerService.java, there is a possible way for an app to update its ownership due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2026-0011 | HIGH | CVSS 8.4 | CWE-693 | v14.0, v15.0, +5 more | 2026-03-02
In enableSystemPackageLPw of Settings.java, there is a possible way to prevent location access from working due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2025-48635 | HIGH | CVSS 7.7 | CWE-200 | v14.0, v15.0, +2 more | 2026-03-02
In multiple functions of TaskFragmentOrganizerController.java, there is a possible activity token leak due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2026-0005 | MEDIUM | CVSS 6.2 | CWE-200 | v14.0, v15.0, +4 more | 2026-03-02
In onServiceDisconnected of KeyguardServiceDelegate.java, there is a possible partial bypass of app pinning allowing limited interaction with other apps without knowing the LSKF due to a missing permission check. This could lead to local information disclosure where the extent of interaction and impact is app-dependent with no additional execution priv
nvd
CVE-2026-20425 | MEDIUM | CVSS 6.7 | CWE-787 | v14.0, v15.0, +1 more | 2026-03-02
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5539.
nvd
CVE-2026-20439 | MEDIUM | CVSS 4.4 | CWE-416 | v15.0 | 2026-03-02
In imgsys, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431955; Issue ID: MSV-5826.
nvd
CVE-2026-20443 | MEDIUM | CVSS 6.7 | CWE-416 | v14.0, v15.0, +1 more | 2026-03-02
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10436998; Issue ID: MSV-5722.
nvd
CVE-2025-48642 | MEDIUM | CVSS 5.5 | CWE-200 | v14.0, v15.0, +5 more | 2026-03-02
In jump_to_payload of payload.rs, there is a possible information disclosure due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2026-20445 | MEDIUM | CVSS 4.4 | CWE-367 | v14.0, v15.0, +1 more | 2026-03-02
In MDDP, there is a possible system crash due to a race condition. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10289875; Issue ID: MSV-5184.
nvd
CVE-2026-20427 | MEDIUM | CVSS 6.7 | CWE-787 | v14.0, v15.0, +1 more | 2026-03-02
In display, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5537.
nvd
CVE-2026-20444 | MEDIUM | CVSS 6.7 | CWE-787 | v14.0, v15.0, +1 more | 2026-03-02
In display, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10436995; Issue ID: MSV-5721.
nvd
CVE-2025-48585 | MEDIUM | CVSS 6.2 | CWE-20 | v16.0, v16 | 2026-03-02
In multiple functions of ProfilingService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2025-48587 | MEDIUM | CVSS 6.2 | CWE-20 | v16.0, v16 | 2026-03-02
In multiple functions of ProfilingService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2026-20440 | MEDIUM | CVSS 6.7 | CWE-1285 | v15.0 | 2026-03-02
In MAE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431968; Issue ID: MSV-5824.
nvd
CVE-2024-43766 | MEDIUM | CVSS 6.5 | CWE-319 | v14.0, v15.0, +4 more | 2026-03-02
In multiple functions of btm_ble_sec.cc, there is a possible unencrypted communication due to invalid error handling. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2026-0012 | MEDIUM | CVSS 6.2 | CWE-284 | v14.0, v15.0, +4 more | 2026-03-02
In setHideSensitive of ExpandableNotificationRow.java, there is a possible contact name leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2026-20438 | MEDIUM | CVSS 6.4 | CWE-367 | v15.0 | 2026-03-02
In MAE, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431920; Issue ID: MSV-5835.
nvd
CVE-2026-0027 | MEDIUM | CVSS 6.7 | CWE-416 | Android kernel | 2026-03-02
In smmu_detach_dev of arm-smmu-v3.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2026-20441 | MEDIUM | CVSS 6.7 | CWE-787 | v15.0 | 2026-03-02
In MAE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10432500; Issue ID: MSV-5803.
nvd
CVE-2026-20426 | MEDIUM | CVSS 6.7 | CWE-787 | v14.0, v15.0, +1 more | 2026-03-02
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5538.
nvd