CVE-2026-0072
Input Method Manager Service Permission Check Bypass
Publication date: 2026-06-01
Last updated on: 2026-06-01
Assigner: Android (associated with Google Inc. or Open Handset Alliance)
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| android | to 14 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-285 | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-0072 is a security vulnerability in the addInputMethodListener function of the InputMethodManagerService component in Android. The issue arises because there is a missing permission check, which means that unauthorized code can interact with this function.
This flaw allows an attacker to escalate their privileges locally without needing any additional execution privileges or user interaction.
Specifically, it could allow input text to be read without permission, leading to an elevation of privilege.
How can this vulnerability impact me? :
This vulnerability can have a significant impact as it allows an attacker to gain elevated privileges on the affected Android device without requiring user interaction or additional execution rights.
An attacker exploiting this flaw could read input text without permission, potentially exposing sensitive information entered by the user.
Because the vulnerability has a maximum severity rating (CVSS 10.0), it represents a critical security risk that could compromise device confidentiality and integrity.
What immediate steps should I take to mitigate this vulnerability?
To mitigate CVE-2026-0072, apply the Android security patch level dated 2026-06-01 which addresses this vulnerability.
Ensure your device is running Android version 14 or later with the latest security updates installed.