CVE 10 CRITICAL

CVE-2026-28576_CVE-2026-28576

June 17, 2026 invoker category_cve

10 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Description

In Contacts Provider, there is a possible way to access the contacts database due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

AI Analysis

SQL injection vulnerability in Contacts Provider leading to local information disclosure

Basic Information

ID CVE-2026-28576

Source google_android

Published Jun 17, 2026 at 07:19

Affected Product

Vendor Android

Product Android

Version 17

Affected Versions Android Android 17

AI Assessment

AI Score 10 / 10

AI Severity Critical

Vendor Google

Product Android

Version 17

References

source.android.com /docs/security/bulletin/android-17

{
    "lastseen": "",
    "description": "In Contacts Provider, there is a possible way to access the contacts database due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.",
    "published": "2026-06-17T07:19:47.943Z",
    "modified": "2026-06-17T07:19:47.943Z",
    "type": "cve",
    "title": "CVE-2026-28576",
    "source": "google_android",
    "references": "https://source.android.com/docs/security/bulletin/android-17",
    "id": "CVE-2026-28576",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Android Android 17",
    "sourceHref": "",
    "cvss": {
        "score": 10,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Android",
    "version": "17",
    "vendor": "Android",
    "ai_description": "SQL injection vulnerability in Contacts Provider leading to local information disclosure",
    "ai_severity": "Critical",
    "ai_vendor": "Google",
    "ai_product": "Android",
    "ai_version": "17",
    "ai_score": 10
}

💭 Join the Security Discussion ❌ Cancel Reply