CVE-2026-0082

HIGH

Android - Local Privilege Escalation via NfcDispatcher Insecure Default Value

Title source: llm
STIX 2.1

Description

In tryStartActivity of NfcDispatcher.java, there is a possible automatic special app access permission assignment due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References (1)

Core 1
Core References

Scores

CVSS v3 7.8
EPSS 0.0016
EPSS Percentile 6.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-453
Status published
Products (2)
google/android 17.0
Google/Android 17
Published Jun 17, 2026
Tracked Since Jun 17, 2026