Description
In WC-Radio, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Published: 2026-06-16
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an out‑of‑bounds write caused by a missing bounds check in the WC‑Radio component of Google Android. The flaw can be triggered without requiring any user interaction and enables an attacker to execute arbitrary code on the device with the same privilege level as the running radio process. As a result, confidentiality could be compromised, the device may be taken over, and additional attacks could be launched from the compromised device.

Affected Systems

The affected systems are Google Android devices that include the WC‑Radio component. Specific product and version details are not listed, so any Android device that incorporates the vulnerable WC‑Radio implementation could be impacted.

Risk and Exploitability

The CVSS score of 8.8 indicates a high severity risk. The EPSS score is less than 1 %, indicating a very low overall probability of exploitation reported in the available data, but the vulnerability is not listed in the CISA KEV catalog. The flaw enables remote code execution, a high‑severity outcome. No special privileges or user interaction are necessary, implying that an attacker could launch the exploit from a remote context, potentially via a network or wireless interface. Because the exploitation requires only a missing bounds check, any device connected to a network that can manipulate radio traffic could be targeted, making it a threat to devices with exposed radio interfaces.

Generated by OpenCVE AI on June 24, 2026 at 20:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Android security patch that fixes WC‑Radio
  • Disable the WiFi radio or block untrusted radio traffic when not needed
  • Monitor device logs for anomalous radio activity and isolate compromised devices

Generated by OpenCVE AI on June 24, 2026 at 20:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 24 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Title Out‑of‑Bounds Write in Android WC‑Radio Enables Remote Code Execution

Wed, 24 Jun 2026 18:15:00 +0000

Type Values Removed Values Added
Title Out of Bounds Write in WC‑Radio Permits Remote Code Execution
Weaknesses CWE-119
CWE-122

Wed, 24 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-120
CWE-787
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title Out of Bounds Write in WC‑Radio Permits Remote Code Execution
Weaknesses CWE-119
CWE-122

Tue, 16 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
Vendors & Products Google
Google android

Tue, 16 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Description In WC-Radio, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: Google_Devices

Published:

Updated: 2026-06-24T15:54:50.366Z

Reserved: 2025-10-23T08:43:26.415Z

Link: CVE-2026-0126

cve-icon Vulnrichment

Updated: 2026-06-16T20:37:30.836Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-16T20:16:23.547

Modified: 2026-06-16T20:42:25.013

Link: CVE-2026-0126

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T20:30:04Z

Weaknesses
  • CWE-120

    Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

  • CWE-787

    Out-of-bounds Write