CVE-2026-0011
Logic Error in Android Settings.java Enables Local Privilege Escalation
Publication date: 2026-03-02
Last updated on: 2026-03-06
Assigner: Android (associated with Google Inc. or Open Handset Alliance)
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| android | 14.0 | |
| android | 15.0 | |
| android | 16.0 | |
| android | 16.0 | |
| android | 16.0 | |
| android | 16.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-703 | The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product. |
| CWE-693 | The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know
Can you explain this vulnerability to me?
This vulnerability exists in the enableSystemPackageLPw function of the Settings.java file. Due to a logic error in the code, it is possible to prevent location access from working as intended.
Exploitation of this issue can lead to a local escalation of privilege without requiring any additional execution privileges or user interaction.
How can this vulnerability impact me? :
The vulnerability can impact you by allowing an attacker with local access to escalate their privileges without needing extra permissions or user interaction.
This could result in unauthorized changes to location access settings, potentially disrupting location-based services or privacy controls on the affected device.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know