Description
In dumpBitmapsProto of ActivityManagerService.java, there is a possible way for an app to access private information due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Published: 2026-03-02
Score: 8.4 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Privilege Escalation
Action: Assess Impact
AI Analysis

Impact

The reported flaw occurs in the dumpBitmapsProto method of ActivityManagerService.java. A missing permission check allows any installed application to invoke the method and retrieve bitmap data that should otherwise be private. Because the method can be called without full user consent or elevated execution rights, the vulnerability can lead to local privilege escalation, exposing sensitive information such as screenshots or cached images from other applications.

Affected Systems

This issue affects Android operating system version 16.0 in the qpr2 beta releases 1, 2, and 3. Devices running these builds are susceptible to the exploit.

Risk and Exploitability

The vulnerability carries a CVSS base score of 8.4, indicating high severity, but the EPSS score is less than 1%, suggesting a low likelihood of current exploitation. It is not listed in CISA's KEV catalog, meaning there is no known active exploitation. An attacker with a malicious application on the device can directly invoke the vulnerable method, as no additional execution privileges or user interaction are required. The impact is local escalation, allowing the attacker to read private data from other apps.

Generated by OpenCVE AI on April 16, 2026 at 14:18 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Deploy the latest Android update that adds the missing permission check or otherwise patches ActivityManagerService.
  • If an update is unavailable, restrict the target application from using system-level services by adjusting app permissions or employing device policies that block privileged API usage.
  • Monitor device logs for unexpected calls to dumpBitmapsProto and enforce application sandboxing practices.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 14:45:00 +0000

Type Values Removed Values Added
Title ActivityManagerService Local Escalation via Missing Permission Check

Fri, 06 Mar 2026 04:30:00 +0000

Type Values Removed Values Added
References

Fri, 06 Mar 2026 04:15:00 +0000

Type Values Removed Values Added
References

Tue, 03 Mar 2026 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
CPEs cpe:2.3:o:google:android:16.0:qpr2_beta_1:*:*:*:*:*:*
cpe:2.3:o:google:android:16.0:qpr2_beta_2:*:*:*:*:*:*
cpe:2.3:o:google:android:16.0:qpr2_beta_3:*:*:*:*:*:*
Vendors & Products Google
Google android

Mon, 02 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-280
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 02 Mar 2026 19:00:00 +0000

Type Values Removed Values Added
Description In dumpBitmapsProto of ActivityManagerService.java, there is a possible way for an app to access private information due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References

MITRE

Status: PUBLISHED

Assigner: google_android

Published:

Updated: 2026-03-06T03:58:37.310Z

Reserved: 2025-10-15T15:39:39.764Z

Link: CVE-2026-0047

Vulnrichment

Updated: 2026-03-02T20:02:26.171Z

NVD

Status: Modified

Published: 2026-03-02T19:16:31.973

Modified: 2026-03-06T04:16:07.143

Link: CVE-2026-0047

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T14:30:16Z

Weaknesses