Vulnerability Details CVE-2026-0005
In onServiceDisconnected of KeyguardServiceDelegate.java, there is a possible partial bypass of app pinning allowing limited interaction with other apps without knowing the LSKF due to a missing permission check. This could lead to local information disclosure where the extent of interaction and impact is app-dependent with no additional execution privileges needed. User interaction is not needed for exploitation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 0.8%
CVSS Severity
CVSS v3 Score 6.2