CVE-2026-0057
LowCVSS 3.3Exploitation Probability (EPSS)
Low risk3th percentile — higher than 3% of all known CVEs
Summary
In Contacts Provider, there is a possible way to access an incoming call's phone number and associated metadata due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
Risk Assessment
The organization may be exposed to the disclosure of sensitive user information, potentially leading to privacy violations.
Recommendation
It is recommended to implement appropriate permission checks in the Contacts Provider to prevent unauthorized access to data.
Original NVD description (English source)
In Contacts Provider, there is a possible way to access an incoming call's phone number and associated metadata due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

