CVE 10 CRITICAL

CVE-2026-0072_CVE-2026-0072

June 1, 2026 invoker category_cve

10 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Description

In addInputMethodListener of com.android.server.inputmethod.InputMethodManagerService, there is a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

AI Analysis

Local escalation of privilege vulnerability due to missing permission check in InputMethodManagerService

Basic Information

ID CVE-2026-0072

Source google_android

Published Jun 1, 2026 at 17:38

Affected Product

Vendor Google

Product Android XR

Version 14

Affected Versions Google Android XR 14

CWE Classification

CWE-285

AI Assessment

AI Score 10 / 10

AI Severity Critical

Vendor Google

Product Android XR

Version 14

References

source.android.com /docs/security/bulletin/xr/2026/2026-06-01

{
    "lastseen": "",
    "description": "In addInputMethodListener of com.android.server.inputmethod.InputMethodManagerService, there is a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
    "published": "2026-06-01T17:38:48.206Z",
    "modified": "2026-06-01T17:38:48.206Z",
    "type": "cve",
    "title": "CVE-2026-0072",
    "source": "google_android",
    "references": "https://source.android.com/docs/security/bulletin/xr/2026/2026-06-01",
    "id": "CVE-2026-0072",
    "bulletinFamily": "",
    "cwe": [
        "CWE-285"
    ],
    "cvelist": null,
    "sourceData": "Google Android XR 14",
    "sourceHref": "",
    "cvss": {
        "score": 10,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Android XR",
    "version": "14",
    "vendor": "Google",
    "ai_description": "Local escalation of privilege vulnerability due to missing permission check in InputMethodManagerService",
    "ai_severity": "Critical",
    "ai_vendor": "Google",
    "ai_product": "Android XR",
    "ai_version": "14",
    "ai_score": 10
}

💭 Join the Security Discussion ❌ Cancel Reply