Description
In hasImage of Notification.java, there is a possible way to reveal information across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Published: 2026-03-02
Score: 8.4 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Privilege Escalation and Information Disclosure
Action: Apply Patch
AI Analysis

Impact

The vulnerability exists in the hasImage method of Android's Notification.java, where a permissions check can be bypassed. A malicious local application or user can read data belonging to another user, leading to local privilege escalation and the exposure of sensitive information. The flaw allows reading inter‑user data without any additional execution privileges and is classified as an information disclosure vulnerability, identified as CWE‑200.

Affected Systems

Android 14.0, 15.0, and 16.0, including the qpr2 beta releases 1–3, provided by Google.

Risk and Exploitability

The CVSS score of 8.4 signals high severity, while the EPSS score of less than 1% indicates a low estimated likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is local exploitation by a malicious app or user with sufficient permissions; user interaction is not required, as stated in the CVE description. This combination makes the flaw particularly dangerous for devices that remain unpatched.

Generated by OpenCVE AI on April 18, 2026 at 10:08 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Android security patch from Google to address the hasImage permission bypass.
  • Restrict notification visibility and disable unnecessary notification listener permissions for applications.
  • Review installed apps for unnecessary elevated privileges and remove or uninstall those that can read or modify notifications.
  • Enable automatic OS updates to ensure timely receipt of future security patches.

Advisories

No advisories yet.

History

Sat, 18 Apr 2026 10:30:00 +0000

Type: Title
Values Added: Notification.hasImage Permission Bypass Enables Local Privilege Escalation and Data Disclosure

Fri, 06 Mar 2026 04:30:00 +0000

Type: References

Fri, 06 Mar 2026 04:15:00 +0000

Type: References

Tue, 03 Mar 2026 18:45:00 +0000

Type: CPEs
Values Removed: cpe:2.3:o:google:android:16.0:qpr2:*:*:*:*:*:*
Values Added:
cpe:2.3:o:google:android:16.0:qpr2_beta_1:*:*:*:*:*:*
cpe:2.3:o:google:android:16.0:qpr2_beta_2:*:*:*:*:*:*
cpe:2.3:o:google:android:16.0:qpr2_beta_3:*:*:*:*:*:*

Tue, 03 Mar 2026 18:15:00 +0000

Type: First Time appeared
Values Added: Google; Google android
Type: CPEs
Values Added:
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:16.0:-:*:*:*:*:*:*
cpe:2.3:o:google:android:16.0:qpr2:*:*:*:*:*:*
Type: Vendors & Products
Values Added: Google; Google android

Tue, 03 Mar 2026 17:15:00 +0000

Type: Metrics
Values Removed: cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}
Values Added: cvssV3_1 {'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Tue, 03 Mar 2026 15:15:00 +0000

Type: Weaknesses
Values Added: CWE-200
Type: Metrics
Values Added:
cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}
ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 02 Mar 2026 19:00:00 +0000

Type: Description
Values Added: In hasImage of Notification.java, there is a possible way to reveal information across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Type: References

MITRE

Status: PUBLISHED

Assigner: google_android

Published:

Updated: 2026-03-11T15:02:02.268Z

Reserved: 2025-10-15T15:39:03.800Z

Link: CVE-2026-0025

Vulnrichment

Updated: 2026-03-03T14:43:41.190Z

NVD

Status: Modified

Published: 2026-03-02T19:16:30.673

Modified: 2026-03-06T04:16:05.090

Link: CVE-2026-0025

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T10:15:25Z

Weaknesses