CVE 10 CRITICAL

CVE-2026-28575_CVE-2026-28575

June 17, 2026 invoker category_cve

10 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Description

In PackageInstaller.Session#transfer of frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java, there is a possible memory exhaustion attack due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

AI Analysis

Memory exhaustion attack due to logic error in PackageInstaller.Session#transfer

Basic Information

ID CVE-2026-28575

Source google_android

Published Jun 17, 2026 at 07:02

Affected Product

Vendor Google

Product Android

Version 17

Affected Versions Google Android 17

AI Assessment

AI Score 10 / 10

AI Severity Critical

Vendor Google

Product Android

Version 17

References

source.android.com /docs/security/bulletin/android-17

{
    "lastseen": "",
    "description": "In PackageInstaller.Session#transfer of frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java, there is a possible memory exhaustion attack due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.",
    "published": "2026-06-17T07:02:33.191Z",
    "modified": "2026-06-17T07:02:33.191Z",
    "type": "cve",
    "title": "CVE-2026-28575",
    "source": "google_android",
    "references": "https://source.android.com/docs/security/bulletin/android-17",
    "id": "CVE-2026-28575",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Google Android 17",
    "sourceHref": "",
    "cvss": {
        "score": 10,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Android",
    "version": "17",
    "vendor": "Google",
    "ai_description": "Memory exhaustion attack due to logic error in PackageInstaller.Session#transfer",
    "ai_severity": "Critical",
    "ai_vendor": "Google",
    "ai_product": "Android",
    "ai_version": "17",
    "ai_score": 10
}

💭 Join the Security Discussion ❌ Cancel Reply