CVE-2026-0126
Modified
Modified - Updated After Analysis
Out of Bounds Write in WC-Radio
Vulnerability report for CVE-2026-0126, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-06-16
Last updated on: 2026-06-24
Assigner: Google Devices
Description
Description
In WC-Radio, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| android | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |