Skip to main content

Android Modem EUVDEUVD-2026-37196

| CVE-2026-0164 HIGH
Out-of-bounds Write (CWE-787)
2026-06-16 Google_Devices GHSA-pmgw-xx83-hqxj
8.8
CVSS 3.1 · Vendor: Google_Devices
Share

Severity by source

Vendor (Google_Devices) PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
7.5 HIGH

Modem RCE is realistically reached over the radio (AV:A), requires rogue-cell setup and protocol-specific crafting (AC:H), needs no auth at the radio layer (PR:N), and yields full code execution impact.

3.1 AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
4.0 AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (Google_Devices).

CVSS VectorVendor: Google_Devices

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Jun 18, 2026 - 05:44 vuln.today
CVSS changed
Jun 18, 2026 - 03:38 NVD
8.8 (None) 8.8 (HIGH)
CVE Published
Jun 16, 2026 - 18:51 cve.org
HIGH 8.8
CVE Published
Jun 16, 2026 - 18:51 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

AnalysisAI

Remote code execution in the Android Modem component (per the Pixel 2026-06-01 security bulletin) is possible via an out-of-bounds write triggered without user interaction. Authenticated remote attackers (PR:L per CVSS) can corrupt memory to execute arbitrary code at the same privilege level as the Modem process. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Position rogue base station near target
Delivery
Force device to attach to attacker cell
Exploit
Send malformed signaling message
Execution
Trigger out-of-bounds write in Modem
Persist
Hijack Modem control flow
Impact
Execute code in baseband context

Vulnerability AssessmentAI

Exploitation Exploitation targets the Android Modem (baseband) component on Google Android, as covered by the Pixel 2026-06-01 bulletin, and requires the attacker to deliver a crafted message that the Modem parses - in practice over the cellular radio interface - without any user interaction (UI:N). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are mixed: CVSS 3.1 is 8.8 (AV:N/AC:L/PR:L/UI:N/C:H/I:H/A:H), implying network-reachable, low-complexity, no-user-interaction exploitation with total CIA impact, which is severe for a baseband-class bug. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker operating a rogue cellular base station within radio range of a vulnerable Pixel/Android device sends a malformed signaling message that the Modem parses without proper bounds checking, overflowing a buffer and overwriting adjacent memory. Because UI:N, the victim takes no action; successful exploitation yields code execution inside the Modem with high impact to confidentiality, integrity, and availability. …
Remediation Patch available per vendor advisory: install the Android/Pixel security update with patch level 2026-06-01 or later, as published in the June 2026 Pixel bulletin (https://source.android.com/docs/security/bulletin/pixel/2026/2026-06-01), and confirm the device's Android security patch level reflects that date after reboot. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Audit inventory of Pixel 2026 devices and confirm current security patch level against Google's 2026-06-01 security bulletin. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-37196 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy