CVE-2026-0111 - Vulnerability Details

- Out‑of‑Bounds Write Causing Remote Privilege Escalation in Android SMS Utility

Description

In ns_GetUserData of ns_SmscbUtilities.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: 2026-03-10

Score: 9.8 Critical

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The flaw is an out‑of‑bounds write in the ns_GetUserData function of Android’s ns_SmscbUtilities.c module. The incorrect bounds check allows an attacker to corrupt memory, which in turn can be used to elevate privileges on the device. The vulnerability does not require any user interaction or the execution of additional code—an unprivileged attacker can trigger it directly through crafted SMS messages or other input channels, potentially compromising the entire system.

Affected Systems

The vulnerability affects Google Android devices. No specific build or version numbers are listed, so all releases from the affected family are potentially impacted until a patch is applied.

Risk and Exploitability

With a CVSS score of 9.8, the technical severity is extremely high. The EPSS score of less than 1% suggests a low probability of exploitation at this time, and the vulnerability is not yet in CISA’s KEV catalog. The description indicates the flaw could be triggered remotely and requires no user consent; the specific attack vector (such as SMS) is inferred rather than explicitly documented, but it suggests that an attacker could potentially deliver the exploit via SMS or similar input channels. If exploitation succeeds, the impact on confidentiality, integrity, and availability is substantial.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Google

Android

unaffected

Version	Status	Constraints
`Android kernel`	affected	—

Configuration 1 [-]

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Google

Android

100%

Version	Status	Scheme	Platform
`Android kernel`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest Android security patch released by Google in the March 2026 bulletin.
Restrict SMS permissions so that only trusted system applications can access SMS APIs.
Use device management or app‑level controls to disable or uninstall third‑party SMS handling apps that are not essential.

Generated by OpenCVE AI on April 16, 2026 at 09:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00228.

Exploitation none

Automatable yes

Technical Impact total

References

Link	Providers
https://source.android.com/docs/security/bulletin/2026/2026-03-01
https://source.android.com/docs/security/bulletin/pixel/2026/2026-03-01

History

Thu, 16 Apr 2026 09:45:00 +0000

Type	Values Removed	Values Added
Title		Out‑of‑Bounds Write Causing Remote Privilege Escalation in Android SMS Utility

Thu, 12 Mar 2026 03:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 11 Mar 2026 17:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:o:google:android:-:::::::*

Wed, 11 Mar 2026 15:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-787
References		https://source.android.com/docs/security/bulletin/pixel/2026/2026-03-01
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

Wed, 11 Mar 2026 12:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Google Google android
Vendors & Products		Google Google android

Tue, 10 Mar 2026 22:30:00 +0000

Type	Values Removed	Values Added
References	https://source.android.com/security/bulletin/pixel/2026-03-01

Tue, 10 Mar 2026 21:30:00 +0000

Type	Values Removed	Values Added
References		https://source.android.com/docs/security/bulletin/2026/2026-03-01

Tue, 10 Mar 2026 21:00:00 +0000

Type	Values Removed	Values Added
Description		In ns_GetUserData of ns_SmscbUtilities.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References		https://source.android.com/security/bulletin/pixel/2026-03-01

Subscriptions

Google Android

MITRE

Status: PUBLISHED

Assigner: Google_Devices

Published: 2026-03-10T20:46:40.542Z

Updated: 2026-03-12T03:55:27.774Z

Reserved: 2025-10-23T08:43:05.429Z

Link: CVE-2026-0111

Vulnrichment

Updated: 2026-03-11T14:45:36.009Z

NVD

Status : Analyzed

Published: 2026-03-10T21:16:44.550

Modified: 2026-03-11T17:14:06.340

Link: CVE-2026-0111

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T09:30:06Z

Weaknesses

CWE-787

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object