Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Modem RCE is realistically reached over the radio (AV:A), requires rogue-cell setup and protocol-specific crafting (AC:H), needs no auth at the radio layer (PR:N), and yields full code execution impact.
Primary rating from Vendor (Google_Devices).
CVSS VectorVendor: Google_Devices
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
AnalysisAI
Remote code execution in the Android Modem component (per the Pixel 2026-06-01 security bulletin) is possible via an out-of-bounds write triggered without user interaction. Authenticated remote attackers (PR:L per CVSS) can corrupt memory to execute arbitrary code at the same privilege level as the Modem process. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation targets the Android Modem (baseband) component on Google Android, as covered by the Pixel 2026-06-01 bulletin, and requires the attacker to deliver a crafted message that the Modem parses - in practice over the cellular radio interface - without any user interaction (UI:N). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals are mixed: CVSS 3.1 is 8.8 (AV:N/AC:L/PR:L/UI:N/C:H/I:H/A:H), implying network-reachable, low-complexity, no-user-interaction exploitation with total CIA impact, which is severe for a baseband-class bug. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker operating a rogue cellular base station within radio range of a vulnerable Pixel/Android device sends a malformed signaling message that the Modem parses without proper bounds checking, overflowing a buffer and overwriting adjacent memory. Because UI:N, the victim takes no action; successful exploitation yields code execution inside the Modem with high impact to confidentiality, integrity, and availability. … |
| Remediation | Patch available per vendor advisory: install the Android/Pixel security update with patch level 2026-06-01 or later, as published in the June 2026 Pixel bulletin (https://source.android.com/docs/security/bulletin/pixel/2026/2026-06-01), and confirm the device's Android security patch level reflects that date after reboot. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Audit inventory of Pixel 2026 devices and confirm current security patch level against Google's 2026-06-01 security bulletin. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-787 – Out-of-bounds Write
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37196
GHSA-pmgw-xx83-hqxj