CVE Catalog

CVE-2026-0071

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

5th percentile — higher than 5% of all known CVEs

Summary

In SettingsLib, there is a possible missing permission check due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed.

Risk Assessment

The organization may be exposed to local privilege escalations, which could lead to unauthorized access to sensitive data or system functions.

Recommendation

It is recommended to review and improve the permission checking logic in the SettingsLib code to prevent potential privilege escalations.

Original NVD description (English source)

In SettingsLib, there is a possible missing permission check due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS