CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-26426

In BroadcastController.java of registerReceiverWithFeatureTraced, there is a possible way to receive broadcasts meant for the "android" package due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 0.7%

CVSS Severity

CVSS v3 Score 5.1

References

https://android.googlesource.com/platform/frameworks/base/+/475f9914f71641f0eedc4a8412cf48f49290a60c
https://android.googlesource.com/platform/frameworks/base/+/99aae825ded253fe58695ceb853f2f631137f1c4
https://source.android.com/security/bulletin/2025-05-01

Products affected by CVE-2025-26426

Google » Android » Version: 13.0

cpe:2.3:o:google:android:13.0
Google » Android » Version: 14.0

cpe:2.3:o:google:android:14.0
Google » Android » Version: 15.0

cpe:2.3:o:google:android:15.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-26426

Products

Pricing

Contact Us