CVE-2026-28587
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk13th percentile — higher than 13% of all known CVEs
Summary
In MmsSmsProvider of MmsSmsProvider.java, there is a possible way to retrieve sensitive information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
Risk Assessment
The organization may be exposed to the disclosure of confidential data, which could lead to privacy violations and potential legal consequences.
Recommendation
It is recommended to implement appropriate permission checks in MmsSmsProvider to prevent unauthorized access to sensitive information.
Original NVD description (English source)
In MmsSmsProvider of MmsSmsProvider.java, there is a possible way to retrieve sensitive information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

