Android · EUVD-2026-33809 · CVE-2026-0099 · HIGH
Improper Check for Dropped Privileges (CWE-273)
2026-06-01 google_android GHSA-g5w2-p7g6-9x7g
7.8
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

4 events:
Analysis Generated: Jun 02, 2026 - 00:30 (vuln.today)
CVSS changed: Jun 01, 2026 - 23:22 (NVD), 7.8 (HIGH)
CVE Published: Jun 01, 2026 - 21:14 (nvd), UNKNOWN (no severity yet)
CVE Published: Jun 01, 2026 - 21:14 (nvd), HIGH 7.8

Description (CVE.org)

In onNullBinding of HostEmulationManager.java, there is a possible way to launch an activity from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Analysis (AI)

Local privilege escalation in Google Android (versions 14, 15, 16, and 16-qpr2) allows a low-privileged local app to launch an arbitrary activity from the background by abusing a logic error in HostEmulationManager.onNullBinding(). Exploitation requires user interaction but no extra execution privileges, and no public exploit has been identified at time of analysis.

Attack Chain (AI, derived)

Hypothetical attack flow derived from CVE metadata

Access: Trick user into installing malicious app
Delivery: App registers NFC HCE service in background
Exploit: User interaction triggers HostEmulationManager binding
Execution: onNullBinding logic flaw launches background activity
Persist: Overlay or phishing UI captures sensitive input
Impact: Local privilege escalation achieved

Vulnerability Assessment (AI)

Exploitation: Attacker must already have code execution on the device as an installed third-party application with NFC/HCE service registration capability (PR:L - local low privilege). …

Risk Assessment: CVSS 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) reflects high local impact but requires an attacker-controlled app already running on the device, with low privileges. …

Exploit Scenario: A user installs a seemingly benign app from a third-party store or a sideloaded APK; the app registers an NFC HCE service and waits in the background. When the user interacts with the app (e.g., taps a notification or button), the malicious service triggers the onNullBinding logic flaw to launch a phishing or overlay activity from the background, capturing credentials or escalating to higher-privileged components. …

Remediation: Apply the Android security patch level 2026-06-01 or later as published in the Android Security Bulletin (https://source.android.com/docs/security/bulletin/2026/2026-06-01); OEM-released builds incorporating this patch level are the authoritative fix. …

Recommended Action (AI)

Within 24 hours: Catalog all Android 14, 15, 16, and 16-qpr2 devices across enterprise and BYOD infrastructure. …
