Description
In keymint, there is a possible Permission Bypass due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Published: 2026-06-16
Score: 3.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A logic error in Android Keymint allows a local application to bypass authorization checks, resulting in the disclosure of sensitive information without the need for elevated privileges. This flaw can be exploited by any app that gains local execution, enabling attackers to read data that should be protected by system permissions.

Affected Systems

Google Android devices are affected. No specific version numbers are provided, so all releases that include the vulnerable Keymint implementation may be impacted.

Risk and Exploitability

The flaw carries a CVSS score of 3.3 and an exploitation probability below 1 %. It is not listed in the CISA KEV catalog. Because the attack requires only local code execution and no user interaction, a malicious app running on the device can exploit it. The vulnerability is unlikely to be widely targeted at present, but it remains a potential risk for devices running unpatched Android versions.

Generated by OpenCVE AI on June 17, 2026 at 21:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Android security patch that addresses the Keymint permission enforcement flaw.
  • Constrain app permissions by explicitly denying Keymint-related permissions to apps that do not need them.
  • Continuously audit device logs for unexpected Keymint activity and investigate irregular access patterns.

Generated by OpenCVE AI on June 17, 2026 at 21:14 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-862
Metrics cvssV3_1

{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 16 Jun 2026 21:00:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
Vendors & Products Google
Google android

Tue, 16 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Description In keymint, there is a possible Permission Bypass due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References

Subscriptions

Google Android
cve-icon MITRE

Status: PUBLISHED

Assigner: Google_Devices

Published:

Updated: 2026-06-16T20:12:21.183Z

Reserved: 2025-10-23T08:43:52.210Z

Link: CVE-2026-0145

cve-icon Vulnrichment

Updated: 2026-06-16T20:12:14.570Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-16T20:16:25.260

Modified: 2026-06-16T20:42:25.013

Link: CVE-2026-0145

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-16T20:45:02Z

Weaknesses