CVE-2026-0020
HIGHParsedPermissionUtils - Privilege Escalation
Title source: llmDescription
In parsePermissionGroup of ParsedPermissionUtils.java, there is a possible way to bypass a consent dialog to obtain permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Scores
CVSS v3
8.4
EPSS
0.0001
EPSS Percentile
0.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Classification
CWE
CWE-639
Status
published
Affected Products (7)
google/android
google/android
google/android
google/android
google/android
google/android
google/android
Timeline
Published
Mar 02, 2026
Tracked Since
Mar 03, 2026