CVE-2026-28576
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk30th percentile — higher than 30% of all known CVEs
Summary
In Contacts Provider, there is a possible way to access the contacts database due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed.
Risk Assessment
The organization may be exposed to the disclosure of sensitive contact data, potentially leading to privacy violations.
Recommendation
It is recommended to update the software to the latest version to patch this vulnerability and to monitor access to the contacts database.
Original NVD description (English source)
In Contacts Provider, there is a possible way to access the contacts database due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

