ASB-A-447135012 — Vulnetix

ASB-A-447135012 PUBLISHED

In setupLayout of PickActivity.java, there is a possible way to start any activity as a DocumentsUI app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Products

Vendor	Product	Versions
platform	packages/apps/DocumentsUI	16-qpr2-next, 15:0, 16:0

Timeline

Mar 1, 2026 CVE Published
May 15, 2026 CVE Updated

References

https://source.android.com/security/bulletin/2026-03-01 advisory
https://android.googlesource.com/platform/packages/apps/DocumentsUI/+/9f2d3f09f8fdc099d5a2d4c8bf3e8ec460bb9233 patch

Open in Interactive Console →