Description
In getCallingAppLabel of CertInstaller.java, there is a possible way to hide a sensitive security dialogue due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Published: 2026-06-01
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw lies in CertInstaller.java’s getCallingAppLabel method, which can be manipulated to hide the user interface that prompts for certificate installation. This omission allows a local user or malicious app to add a certificate without the user’s notice, elevating its privileges on the device. The weakness is an improper user interface flow that can be exploited (CWE-451).

Affected Systems

This vulnerability affects all Android devices that include the CertInstaller component of Google’s Android OS. The specific Android release series is not disclosed, meaning the flaw applies to any firmware version until a vendor‑issued update that patches CertInstaller is installed.

Risk and Exploitability

The CVSS base score of 7.8 indicates high severity, while the EPSS score of less than 1% indicates a low current exploitation probability. The vulnerability is not listed in CISA’s KEV catalog. Nevertheless, because the attack does not require user interaction or elevated execution privileges, any local user could exploit it. The attack vector is local, requiring only that the attacker has a foothold on the device, making the risk significant when the device is exposed to untrusted apps or scripts.

Generated by OpenCVE AI on June 3, 2026 at 03:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Android security patch that fixes CertInstaller, as outlined in Google’s Android security bulletin for June 2026.
  • If the patch is unavailable, prevent untrusted certificate installation by disabling the CertInstaller service or restricting certificate installation through device settings or MDM policies.
  • Regularly audit installed certificates on the device and flag any additions that were not user‑requested, ensuring timely removal if found unauthorized.

Generated by OpenCVE AI on June 3, 2026 at 03:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 03 Jun 2026 04:15:00 +0000

Type Values Removed Values Added
Title Misleading UI Allows Local Installation of Certificates without User Consent

Wed, 03 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
Title Local Privilege Escalation via Hidden Security Dialog in Android CertInstaller
Weaknesses CWE-250
CWE-285

Tue, 02 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-451
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 01 Jun 2026 23:00:00 +0000

Type Values Removed Values Added
Title Local Privilege Escalation via Hidden Security Dialog in Android CertInstaller
First Time appeared Google
Google android
Weaknesses CWE-250
CWE-285
Vendors & Products Google
Google android

Mon, 01 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Description In getCallingAppLabel of CertInstaller.java, there is a possible way to hide a sensitive security dialogue due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References

Subscriptions

Google Android
cve-icon MITRE

Status: PUBLISHED

Assigner: google_android

Published:

Updated: 2026-06-02T15:59:45.375Z

Reserved: 2025-10-15T15:42:45.801Z

Link: CVE-2026-0088

cve-icon Vulnrichment

Updated: 2026-06-01T23:15:11.414Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-06-01T22:16:22.543

Modified: 2026-06-02T17:16:25.320

Link: CVE-2026-0088

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-03T04:00:13Z

Weaknesses