VDB

GCVE-110-NCSC-2026-74

GCVE-110-NCSC-2026-74
Advisory PublishedCVSS 6.5/10
Vulnetix · Advisory published March 3, 2026
MmsProvider.java contains a path traversal vulnerability enabling arbitrary file deletion, potentially causing local denial of service in telephony, SMS, and MMS functions without user interaction or additional privileges.

Weaknesses (CWE)

CWE-319Cleartext Transmission of Sensitive InformationCWE-476NULL Pointer DereferenceCWE-200Exposure of Sensitive Information to an Unauthorized ActorCWE-416Use After FreeCWE-617Reachable AssertionCWE-754Improper Check for Unusual or Exceptional ConditionsCWE-121Stack-based Buffer OverflowCWE-787Out-of-bounds WriteCWE-366Race Condition within a ThreadCWE-457Use of Uninitialized VariableCWE-749Exposed Dangerous Method or FunctionCWE-497Exposure of Sensitive System Information to an Unauthorized Control SphereCWE-1262Improper Access Control for Register InterfaceCWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')CWE-126Buffer Over-readCWE-415Double FreeCWE-401Missing Release of Memory after Effective LifetimeCWE-89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')CWE-362Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')CWE-862Missing AuthorizationCWE-441Unintended Proxy or Intermediary ('Confused Deputy')CWE-59Improper Link Resolution Before File Access ('Link Following')CWE-20Improper Input ValidationCWE-770Allocation of Resources Without Limits or ThrottlingCWE-367Time-of-check Time-of-use (TOCTOU) Race ConditionCWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-190Integer Overflow or WraparoundCWE-122Heap-based Buffer OverflowCWE-125Out-of-bounds ReadCWE-639Authorization Bypass Through User-Controlled KeyCWE-280Improper Handling of Insufficient Permissions or Privileges

Risk Scores

CVSS 3.1
6.5/10
Medium · CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products

VendorProductVersionsPlatforms
Googlevers:unknown/*
Samsungvers:unknown/*

Aliases

CVE-2024-43766CVE-2024-43859CVE-2025-10865CVE-2025-13952CVE-2025-20760CVE-2025-20761CVE-2025-20762CVE-2025-20793CVE-2025-20794CVE-2025-20795CVE-2025-2879CVE-2025-32313CVE-2025-38616CVE-2025-38618CVE-2025-39682CVE-2025-39946CVE-2025-40266CVE-2025-47339CVE-2025-47346CVE-2025-47348CVE-2025-47366CVE-2025-47378CVE-2025-47385CVE-2025-47388CVE-2025-47394CVE-2025-47395CVE-2025-47396CVE-2025-47397CVE-2025-47398CVE-2025-47402CVE-2025-48544CVE-2025-48567CVE-2025-48568CVE-2025-48574CVE-2025-48577CVE-2025-48578CVE-2025-48579CVE-2025-48582CVE-2025-48585CVE-2025-48587CVE-2025-48602CVE-2025-48605CVE-2025-48609CVE-2025-48613CVE-2025-48619CVE-2025-48630CVE-2025-48631CVE-2025-48634CVE-2025-48635CVE-2025-48641CVE-2025-48642CVE-2025-48644CVE-2025-48645CVE-2025-48646CVE-2025-48650CVE-2025-48653CVE-2025-48654CVE-2025-58407CVE-2025-58408CVE-2025-58409CVE-2025-58411CVE-2025-59600CVE-2025-64783CVE-2025-64784CVE-2025-64893CVE-2025-69278CVE-2025-69279CVE-2026-0005CVE-2026-0006CVE-2026-0007CVE-2026-0008CVE-2026-0010CVE-2026-0011CVE-2026-0012CVE-2026-0013CVE-2026-0014CVE-2026-0015CVE-2026-0017CVE-2026-0020CVE-2026-0021CVE-2026-0023CVE-2026-0024CVE-2026-0025CVE-2026-0026CVE-2026-0027CVE-2026-0028CVE-2026-0029CVE-2026-0030CVE-2026-0031CVE-2026-0032CVE-2026-0034CVE-2026-0035CVE-2026-0037CVE-2026-0038CVE-2026-0047CVE-2026-20401CVE-2026-20402CVE-2026-20403CVE-2026-20404CVE-2026-20405CVE-2026-20406CVE-2026-20420CVE-2026-20421CVE-2026-20422CVE-2026-20425CVE-2026-20426CVE-2026-20427CVE-2026-20428CVE-2026-20434CVE-2026-20988CVE-2026-20989CVE-2026-20990CVE-2026-20991CVE-2026-20992CVE-2026-21385CVE-2026-21735

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Browse GCVE Records

73,738 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›