High Severity Vulnerability
This vulnerability has been rated as High severity. Immediate action is recommended.
CVE-2026-0035
High
Low
Medium
High
Critical
8.4
CVSS Score
Vulnerability Description
In createRequest of MediaProvider.java, there is a possible way for an app to gain read/write access to non-existing files due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
L
Attack Complexity
L
Privileges Required
N
User Interaction
N
Scope
U
Confidentiality
H
Integrity
H
Availability
H
Known Affected Software
3 configuration(s) from 1 vendor(s)
android
Version:
14.0
CPE:
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
android
Version:
16.0
CPE:
cpe:2.3:o:google:android:16.0:*:*:*:*:*:*:*
android
Version:
15.0
CPE:
cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*
This vulnerability affects 3 software configuration(s). Ensure you patch all affected systems.
References & Resources
Severity Details
8.4
out of 10.0
High
Weakness Type (CWE)
CWE-125
Top 25 #11
Out-of-bounds Read
- Description
- The product reads data past the end, or before the beginning, of the intended buffer.
- Typical Severity
- High
- Abstraction Level
- Base
Key Information
- Published Date
- March 02, 2026
