Description
In Modem, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Published: 2026-06-16
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A heap buffer overflow in the Android modem component can cause an out‑of‑bounds write that allows an attacker to execute arbitrary code on the device. The flaw is identified as a buffer overflow (CWE‑122). The attack does not require the victim to take any action, and no extra privileges are needed once the code runs.

Affected Systems

The vulnerability affects Android devices provided by Google. No specific version information is available in the data, so any device running an affected Android build that contains the unpatched modem code is at risk.

Risk and Exploitability

The CVSS score of 8.8 classifies the flaw as high severity. The EPSS score of <1% suggests that, at the time of analysis, the probability of exploitation is low, and it is not currently listed in the CISA KEV catalog. The likely attack vector involves malicious network traffic that interacts with the modem; because user interaction is not required, automated exploits could target devices while they are connected to cellular or Wi-Fi networks.

Generated by OpenCVE AI on June 17, 2026 at 18:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Android security update published in the June 2026 security bulletin.
  • If a patch cannot be applied immediately, disable or restrict external access to the modem service to prevent the exploitation path.
  • Continue to monitor Google’s security advisories for further updates or additional mitigations.

Generated by OpenCVE AI on June 17, 2026 at 18:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title Modem Heap Buffer Overflow Enabling Remote Code Execution

Tue, 16 Jun 2026 22:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-122
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
Vendors & Products Google
Google android

Tue, 16 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Description In Modem, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: Google_Devices

Published:

Updated: 2026-06-17T03:56:26.681Z

Reserved: 2025-10-23T08:43:34.664Z

Link: CVE-2026-0132

cve-icon Vulnrichment

Updated: 2026-06-16T20:49:26.754Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-16T20:16:24.080

Modified: 2026-06-16T20:42:25.013

Link: CVE-2026-0132

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-17T18:15:10Z

Weaknesses
  • CWE-122

    Heap-based Buffer Overflow