Description
In multiple locations, there is a possible misleading UI due to obfuscation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Published: 2026-06-01
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw lies in obfuscated interface elements that can present privileged actions as benign, enabling local privilege escalation without acquiring additional execution rights or needing user interaction.

Affected Systems

Android devices distributed by Google. No specific version numbers are disclosed, so any Android installation at the time of the bulletin may be affected until the update is applied.

Risk and Exploitability

The CVSS score of 7.8 is reported, the EPSS is unavailable, and the vulnerability is not listed in the CISA KEV catalog. Exploitation can be performed locally, without user interaction or remote network access, and without requiring extra execution privileges; after the privilege escalation occurs, the attacker gains higher-level device access.

Generated by OpenCVE AI on June 2, 2026 at 01:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Android security update that incorporates the UI mitigation fix.
  • Monitor device event logs for unexpected privilege level changes that may indicate exploitation.
  • Follow Google’s Android security best practices for UI consistency and privilege indicators.

Generated by OpenCVE AI on June 2, 2026 at 01:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 02 Jun 2026 01:45:00 +0000

Type Values Removed Values Added
Title Misleading UI in Android Causes Local Privilege Escalation

Tue, 02 Jun 2026 00:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 01 Jun 2026 23:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-451
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Mon, 01 Jun 2026 23:00:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
Vendors & Products Google
Google android

Mon, 01 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Description In multiple locations, there is a possible misleading UI due to obfuscation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References

Subscriptions

Google Android
cve-icon MITRE

Status: PUBLISHED

Assigner: google_android

Published:

Updated: 2026-06-02T03:56:21.185Z

Reserved: 2025-10-15T15:42:53.246Z

Link: CVE-2026-0093

cve-icon Vulnrichment

Updated: 2026-06-01T23:01:25.932Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-06-01T22:16:22.830

Modified: 2026-06-02T13:04:00.123

Link: CVE-2026-0093

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-02T01:30:26Z

Weaknesses