Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description states local EoP with no UI; a low-privilege app is the realistic caller, so AV:L/PR:L/UI:N, yielding full system C/I/A impact.
Primary rating from Vendor (google_android).
CVSS VectorVendor: google_android
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
In SettingsLib, there is a possible missing permission check due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
AnalysisAI
Local privilege escalation in Android's SettingsLib component stems from a missing permission check caused by a logic error, allowing on-device attackers to elevate privileges without user interaction or additional execution rights. No public exploit identified at time of analysis, and the issue is addressed in the Android Security Bulletin for Android 17. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Attacker must have local code execution on the Android device - typically via an installed app - that can reach the SettingsLib code path containing the missing permission check; no user interaction and no additional execution privileges are required once the app runs. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals are sharply conflicting. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A malicious app installed on the device (e.g., sideloaded or delivered via a trojanized Play listing) silently invokes the unguarded SettingsLib code path and obtains system-level privileges without prompting the user, then pivots to read protected settings, modify network/account state, or stage further on-device compromise. No public PoC is identified at time of analysis, but the absence of required user interaction makes such an app highly stealthy once installed. |
| Remediation | Patch available per vendor advisory - apply the Android Security Bulletin update referenced at https://source.android.com/docs/security/bulletin/android-17 by moving devices to the security patch level that includes the SettingsLib fix; exact fix version is not enumerated in the input data and should be read from the bulletin entry for CVE-2026-0071. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory organizational Android devices and audit current OS versions. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-862 – Missing Authorization
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37567