Skip to main content

Android Bluetooth CVE-2026-0045

| EUVDEUVD-2026-33776 HIGH
Protection Mechanism Failure (CWE-693)
2026-06-01 google_android GHSA-8qpr-7jp9-rxm6
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Jun 02, 2026 - 14:26 vuln.today
CVSS changed
Jun 02, 2026 - 14:22 NVD
7.8 (HIGH)
CVE Published
Jun 01, 2026 - 21:14 nvd
UNKNOWN (no severity yet)
CVE Published
Jun 01, 2026 - 21:14 nvd
HIGH 7.8

DescriptionCVE.org

In bta_jv_rfcomm_connect of bta_jv_act.cc, there is a possible bypass of bonding for a secure connection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

AnalysisAI

Local privilege escalation in the Android Bluetooth stack (versions 14, 15, 16, and 16-qpr2) allows an attacker with low privileges to bypass the bonding requirement for secure RFCOMM connections via a logic flaw in bta_jv_rfcomm_connect. No user interaction is required, and no public exploit identified at time of analysis, though Google has issued a fix in the June 2026 Android Security Bulletin.

Technical ContextAI

The flaw resides in bta_jv_act.cc, part of the Bluetooth Adaptation (BTA) Java/JNI layer in Android's Fluoride/Bluedroid stack that brokers RFCOMM (Radio Frequency Communication) socket connections between Java apps and the native Bluetooth controller. RFCOMM is the serial-port emulation protocol over L2CAP commonly used by SPP, HFP, and PBAP profiles, and bonding is the pairing process that establishes a long-term shared key enabling encrypted, authenticated links. CWE-693 (Protection Mechanism Failure) indicates the code path that should enforce bonding before permitting a 'secure' RFCOMM connection contains a logic error allowing that check to be skipped, so a 'secure' connection is established without the cryptographic prerequisite. CPE cpe:2.3:a:google:android scopes the issue to Google's Android platform code (AOSP Bluetooth) rather than vendor radio firmware.

RemediationAI

Apply the June 2026 Android security patch level (2026-06-01) or later, which contains Google's fix for the bta_jv_rfcomm_connect bonding-bypass; the advisory is published at https://source.android.com/docs/security/bulletin/2026/2026-06-01 and OEM updates will roll out subsequently - devices past end-of-life for security updates remain exposed. No exact AOSP tag is cited in the provided data, so confirm the specific build fingerprint via your device vendor's bulletin. As a compensating control until patches arrive, restrict installation of untrusted apps (Play Protect enabled, sideloading disabled via MDM), and for high-assurance deployments disable Bluetooth when not in use or use MDM policy to block apps from holding BLUETOOTH_CONNECT permission, accepting the trade-off that legitimate Bluetooth accessories (headsets, wearables, car kits) will not function while the restriction is in place.

Share

CVE-2026-0045 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy