CVE Catalog

CVE-2026-0063

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

5th percentile — higher than 5% of all known CVEs

Summary

In the setAllowedCarriers method of PhoneInterfaceManager.java, there is a logic error that may allow disabling carrier restrictions. This could lead to local privilege escalation without the need for additional execution privileges.

Risk Assessment

The organization may be exposed to unauthorized access to functions restricted to the carrier, potentially leading to serious security breaches.

Recommendation

It is recommended to review and correct the logic in the setAllowedCarriers method to prevent the possibility of disabling carrier restrictions.

Original NVD description (English source)

In setAllowedCarriers of PhoneInterfaceManager.java, there is a possible way to disable carrier restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS