Platform Packages Apps Documentsui vulnerabilities

CVE-2026-0013 CVE-2026-0013: In setupLayout of PickActivity In setupLayout of PickActivity.java, there is a possible way to start any activity as a DocumentsUI app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-32323 CVE-2025-32323: In getCallingAppName of Shared In getCallingAppName of Shared.java, there is a possible way to trick users into granting file access via deceptive text in a permission popup due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-22439 CVE-2025-22439: In onLastAccessedStackLoaded of ActionHandler In onLastAccessedStackLoaded of ActionHandler.java , there is a possible way to bypass storage restrictions across apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2024-43765 CVE-2024-43765: In multiple locations, there is a possible way to obtain access to a folder due to a tapjacking/overlay attack In multiple locations, there is a possible way to obtain access to a folder due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.