CVE-2026-0047

2026-03-02 18:43CVE-2026-0047google_android

PUBLISHED5.2

In dumpBitmapsProto of ActivityManagerService.java, there is a possible way for an app to access private information due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Problem type

Elevation of privilege

Affected products

Google

Android

16-qpr2 - AFFECTED

References

source.android.com

https://source.android.com/security/bulletin/2026-03-01

GitHub Security Advisories

GHSA-x394-245g-p4p8

In dumpBitmapsProto of ActivityManagerService.java, there is a possible way for an app to access...

https://github.com/advisories/GHSA-x394-245g-p4p8

nvd.nist.gov

https://nvd.nist.gov/vuln/detail/CVE-2026-0047

source.android.com

https://source.android.com/security/bulletin/2026-03-01

github.com

https://github.com/advisories/GHSA-x394-245g-p4p8

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-0047

Click to expand

{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-0047",
    "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
    "assignerShortName": "google_android",
    "dateUpdated": "2026-03-02T20:04:21.901Z",
    "dateReserved": "2025-10-15T15:39:39.764Z",
    "datePublished": "2026-03-02T18:43:00.441Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
        "shortName": "google_android",
        "dateUpdated": "2026-03-02T18:43:00.441Z"
      },
      "descriptions": [
        {
          "lang": "en",
          "value": "In dumpBitmapsProto of ActivityManagerService.java, there is a possible way for an app to access private information due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
        }
      ],
      "affected": [
        {
          "vendor": "Google",
          "product": "Android",
          "defaultStatus": "unaffected",
          "versions": [
            {
              "version": "16-qpr2",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Elevation of privilege"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://source.android.com/security/bulletin/2026-03-01"
        }
      ]
    },
    "adp": [
      {
        "providerMetadata": {
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP",
          "dateUpdated": "2026-03-02T20:04:21.901Z"
        },
        "title": "CISA ADP Vulnrichment",
        "problemTypes": [
          {
            "descriptions": [
              {
                "lang": "en",
                "description": "CWE-280 Improper Handling of Insufficient Permissions or Privileges",
                "cweId": "CWE-280",
                "type": "CWE"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "version": "3.1",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "attackVector": "LOCAL",
              "attackComplexity": "LOW",
              "privilegesRequired": "NONE",
              "userInteraction": "NONE",
              "scope": "UNCHANGED",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "availabilityImpact": "HIGH",
              "baseScore": 8.4,
              "baseSeverity": "HIGH"
            }
          },
          {}
        ]
      }
    ]
  }
}