CVE-2026-0091 - Vulnerability Details

- Android Launcher Over‑Privileged Shell User Privilege Escalation

Description

In multiple locations, there is a possible way to execute code in the launcher process due to an over-privileged shell user. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: 2026-06-01

Score: 7.8 High

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability allows an attacker with local access to execute code within the Android launcher process by exploiting an over-privileged shell user. This flaw can be triggered in multiple code paths that do not require the user to interact, enabling the attacker to gain elevated privileges from a standard user context. The weakness primarily leads to a local privilege escalation that could compromise the security of the device without additional execution privileges.

Affected Systems

The affected system is the Android operating system produced by Google. No specific vendor versions are listed in the advisory, so any Android build that includes the vulnerable launcher code may be impacted until a patch is applied.

Risk and Exploitability

The CVSS score for this vulnerability is 7.8, indicating high severity. Because the attack can occur without user interaction and does not rely on external exploitation, the likelihood of exploitation in the wild may be lower than remote vulnerabilities, but the severity is high due to the local privilege escalation. The EPSS score is not available, and the vulnerability is not listed in CISA's KEV catalog, however the impact remains significant for devices running unpatched Android versions.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Google

Android

unaffected

Version	Status	Constraints
`16-qpr2`	affected	—
`16`	affected	—
`15`	affected	—
`14`	affected	—

No data.

Vendor Product Confidence Versions

Google

Android

100%

Version	Status	Scheme	Platform
`16-qpr2`	affected	generic	—
`16`	affected	generic	—
`15`	affected	generic	—
`14`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the Android OS to the latest security‑bulletin release that contains a patch for this privilege escalation flaw.
If an update is not immediately available, consider disabling over‑privileged shell users or restricting their capabilities by modifying the device configuration or root access policies to prevent launchers from executing shell‑level commands with elevated rights.
Conduct a security review of any third‑party launcher applications and ensure they do not grant unnecessary shell user privileges to reduce the attack surface.

Generated by OpenCVE AI on June 2, 2026 at 02:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://source.android.com/docs/security/bulletin/2026/2026-06-01

History

Tue, 02 Jun 2026 02:45:00 +0000

Type	Values Removed	Values Added
Title		Android Launcher Over‑Privileged Shell User Privilege Escalation

Tue, 02 Jun 2026 01:15:00 +0000

Type	Values Removed	Values Added
Title	Local Privilege Escalation via Over-Privileged Shell User in Android Launcher Process
Weaknesses	CWE-284

Mon, 01 Jun 2026 23:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Google Google android
Vendors & Products		Google Google android

Mon, 01 Jun 2026 23:30:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 01 Jun 2026 23:00:00 +0000

Type	Values Removed	Values Added
Title		Local Privilege Escalation via Over-Privileged Shell User in Android Launcher Process
Weaknesses		CWE-269 CWE-284

Mon, 01 Jun 2026 21:45:00 +0000

Type	Values Removed	Values Added
Description		In multiple locations, there is a possible way to execute code in the launcher process due to an over-privileged shell user. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References		https://source.android.com/docs/security/bulletin/2026/2026-06-01

Subscriptions

Google Android

MITRE

Status: PUBLISHED

Assigner: google_android

Published: 2026-06-01T21:14:54.868Z

Updated: 2026-06-01T23:06:16.915Z

Reserved: 2025-10-15T15:42:50.226Z

Link: CVE-2026-0091

Vulnrichment

Updated: 2026-06-01T23:06:13.206Z

NVD

Status : Received

Published: 2026-06-01T22:16:22.737

Modified: 2026-06-01T23:16:16.970

Link: CVE-2026-0091

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-02T02:30:16Z

Weaknesses

CWE-269

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object