CVE Catalog

CVE-2026-0082

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

6th percentile — higher than 6% of all known CVEs

Summary

In the tryStartActivity method of NfcDispatcher.java, there is a possible automatic special app access permission assignment due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed.

Risk Assessment

The organization may be exposed to local privilege escalation, which could lead to unauthorized access to system resources.

Recommendation

It is recommended to review and update the default values in the tryStartActivity method to prevent unauthorized permission assignment.

Original NVD description (English source)

In tryStartActivity of NfcDispatcher.java, there is a possible automatic special app access permission assignment due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS