ByteOS Network

NVD Vulnerability Details :

CVE-2026-0005

Modified

Source-security@android.com

Published At-02 Mar, 2026 | 19:16

Updated At-03 Mar, 2026 | 16:16

In onServiceDisconnected of KeyguardServiceDelegate.java, there is a possible partial bypass of app pinning allowing limited interaction with other apps without knowing the LSKF due to a missing permission check. This could lead to local information disclosure where the extent of interaction and impact is app-dependent with no additional execution privileges needed. User interaction is not needed for exploitation.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	6.2	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Secondary	3.1	6.2	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Type: Primary

Version: 3.1

Base score: 6.2

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Type: Secondary

Version: 3.1

Base score: 6.2

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CPE Matches

Google LLC

>>android>>14.0

cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*

Google LLC

>>android>>15.0

cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*

Google LLC

>>android>>16.0

cpe:2.3:o:google:android:16.0:-:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov
CWE-200	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: NVD-CWE-noinfo

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-200

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
https://source.android.com/security/bulletin/2026-03-01	security@android.com	Broken Link Vendor Advisory

Hyperlink: https://source.android.com/security/bulletin/2026-03-01

Source: security@android.com

Resource:

Broken Link

Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History