CVE-2026-0007 - CERT CVE

  1. CVE-2026-0007

ID CVE-2026-0007
Sažetak In writeToParcel of WindowInfo.cpp, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Reference
CVSS
Base: 8.6
Impact: 6.0
Exploitability:1.8
Pristup
VektorSloženostAutentikacija
LOCAL LOW NONE
Impact
PovjerljivostCjelovitostDostupnost
HIGH HIGH HIGH
CVSS vektor CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Zadnje važnije ažuriranje 03-03-2026 - 17:16
Objavljeno 02-03-2026 - 19:16