ASB-A-428701593 — Vulnetix

ASB-A-428701593 PUBLISHED

In setPackageOrComponentEnabled of ManagedServices.java, there is a possible notification policy desync due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Products

Vendor	Product	Versions
platform	frameworks/base	16-qpr2-next:0, 16-qpr2-next, 15

Exploit Intelligence

seed.ts (github-poc)
ghost_report_20260113_010235.json (github-poc)

Timeline

Mar 1, 2026 CVE Published
May 15, 2026 CVE Updated

References

https://source.android.com/security/bulletin/2026-03-01 advisory
https://android.googlesource.com/platform/frameworks/base/+/e363f82104566378b4b9936d6caf27c3ee631d80 patch

Open in Interactive Console →