CVE-2026-0050
Bluetooth AdapterService Permissions Bypass Information Disclosure
Publication date: 2026-06-01
Last updated on: 2026-06-02
Assigner: Android (associated with Google Inc. or Open Handset Alliance)
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| android | 15.0 | |
| android | 16.0 | |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability involves a possible sensitive information disclosure due to a permissions bypass, which could lead to local information disclosure without additional execution privileges or user interaction.
Such sensitive information disclosure vulnerabilities can potentially impact compliance with standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data.
However, the provided information does not specify the exact nature of the data disclosed or the compliance impact.
Can you explain this vulnerability to me?
This vulnerability exists in the handleBondStateChanged method of the AdapterService.java file. It involves a permissions bypass that can lead to the disclosure of sensitive information locally. Exploiting this vulnerability does not require any additional execution privileges or user interaction.
How can this vulnerability impact me?
The impact of this vulnerability is the potential local disclosure of sensitive information. Since no additional privileges or user interaction are needed, an attacker with local access could exploit this flaw to access information that should be protected.