Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Local app install vector (AV:L), explicit user interaction required (UI:R), no prior privileges (PR:N); DPC removal crosses the management security authority so S:C with full C/I/A impact on the managed device.
Primary rating from Vendor (google_android).
CVSS VectorVendor: google_android
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
In createSessionInternal of PackageInstallerService.java, there is a possible method to remove a DPC app from a managed device without DO consent due to desync from persistence. This could lead to local escalation of privilege if a user can install a malicious app with no additional execution privileges needed. User interaction is needed for exploitation.
AnalysisAI
Local privilege escalation in Android's PackageInstallerService allows a malicious app to remove a Device Policy Controller (DPC) from a managed device without Device Owner consent, breaking the enterprise management boundary. The flaw stems from a desynchronization between in-memory state and persisted state in createSessionInternal, and no public exploit has been identified at time of analysis. User interaction is required, but no additional execution privileges are needed beyond installing the malicious app.
Technical ContextAI
The vulnerability lives in PackageInstallerService.java, the core Android service that brokers all package install/uninstall sessions across Google Android (cpe:2.3:a:google:android). createSessionInternal is the entry point that constructs an InstallSession used by PackageInstaller clients. According to the description, the in-memory session state diverges from the on-disk persisted state ('desync from persistence'), which is a state-management / TOCTOU-class weakness (no specific CWE was published, but the behavior is consistent with CWE-367/CWE-372 race or stale-state checks). The practical consequence is that uninstall logic which should be gated by Device Owner (DO) approval can be applied to the DPC package itself, defeating the management model that Android Enterprise relies on.
RemediationAI
Patch available per vendor advisory - apply the Android security patch level published in the June 2026 Android Security Bulletin (https://source.android.com/docs/security/bulletin/android-17) once it is offered by your device OEM, and ensure managed-fleet devices are pinned to that or a later SPL via MDM compliance policy. As a compensating control before patching, restrict sideloading on managed devices by disabling 'Install unknown apps' for all sources via DevicePolicyManager and enforce Play Protect / managed Google Play as the sole install channel; the trade-off is reduced flexibility for users who legitimately install enterprise-signed APKs outside managed Play. Additionally, monitor MDM telemetry for unexpected DPC removal or 'device unmanaged' events, since exploitation manifests as the DPC silently disappearing from a previously enrolled device.
Same weakness CWE-362 – Race Condition
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37561