Description
In multiple locations, there is a possible way to bypass user interaction when pairing an LE device due to a logic error. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Published: 2026-06-01
Score: 8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A logic error in Android’s handling of Bluetooth Low Energy pairing allows a device to accept a pairing request without user interaction, enabling an attacker who is in physical proximity to elevate privileges on the target device. The flaw does not require additional execution privileges and can be triggered from an adjacent Bluetooth‑enabled device, allowing an attacker to assume higher rights on the victim phone without any visible prompt.

Affected Systems

The vulnerability affects Android devices, including all models that implement the affected Bluetooth Low Energy pairing logic. No specific OS or firmware versions were listed in the advisory, so all devices that currently run the unpatched pairing routine are potentially impacted.

Risk and Exploitability

The exploit can be carried out remotely from an adjacent device, eliminating the need for social engineering or user interaction. The CVSS score of 8 indicates a high severity level. The EPSS score is not reported, and the vulnerability is not listed in the CISA KEV catalog, but the high CVSS score and proximity-based exploit still warrant immediate attention.

Generated by OpenCVE AI on June 2, 2026 at 02:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain and install the latest Android security patch that contains the fix for this pairing logic bug, as announced in Google’s security bulletin for June 2026.
  • If a patch is not yet available, disable automatic Bluetooth pairing and require explicit user confirmation for all pairing requests to prevent unintended device connections.
  • Use device management or enterprise mobility tools to restrict Bluetooth usage and monitor pairing events, reducing the window during which an attacker can exploit the vulnerability until a patch is applied.

Generated by OpenCVE AI on June 2, 2026 at 02:51 UTC.

Advisories

No advisories yet.

History

Tue, 02 Jun 2026 03:15:00 +0000

Type Values Removed Values Added
Title Bluetooth Low Energy Pairing Bypass Enables Privilege Escalation

Tue, 02 Jun 2026 01:15:00 +0000

Type Values Removed Values Added
Title Bluetooth Low Energy Pairing Bypass Allowing Privilege Escalation
Weaknesses CWE-287

Mon, 01 Jun 2026 23:30:00 +0000

Type Values Removed Values Added
Title Bluetooth Low Energy Pairing Bypass Allowing Privilege Escalation
Weaknesses CWE-287
CWE-693
Metrics cvssV3_1

{'score': 8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 01 Jun 2026 23:00:00 +0000

Type Values Removed Values Added
First Time appeared: Google; Google android
Vendors & Products: Google; Google android

Mon, 01 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Description In multiple locations, there is a possible way to bypass user interaction when pairing an LE device due to a logic error. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References

MITRE

Status: PUBLISHED

Assigner: google_android

Published:

Updated: 2026-06-01T22:47:45.312Z

Reserved: 2025-10-15T15:42:59.369Z

Link: CVE-2026-0097

Vulnrichment

Updated: 2026-06-01T22:47:33.683Z

NVD

Status: Received

Published: 2026-06-01T22:16:23.430

Modified: 2026-06-01T23:16:17.670

Link: CVE-2026-0097

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-02T03:00:13Z

Weaknesses