CVE Catalog

CVE-2026-0092

CriticalCVSS 10.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.22%

12th percentile — higher than 12% of all known CVEs

Summary

In Package Manager, there is a possible device lock controller bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed.

Risk Assessment

The organization may be exposed to local privilege escalation, potentially leading to unauthorized access to the system. The lack of user interaction in the exploitation process increases the risk.

Recommendation

It is recommended to implement proper permission checks in the package manager and to monitor system access to detect potential abuses.

Original NVD description (English source)

In Package Manager, there is a possible device lock controller bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS