Description
In Camera, there is a possible unauthorized way to access photos due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Published: 2026-06-16
Score: 3.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A missing permission check in the Camera application permits an application or user to access stored photos without authorization, resulting in local disclosure of personal images. The flaw requires no additional execution privileges and does not need user interaction. This weakness corresponds to CWE‑862, Unauthorized Access to Resource.

Affected Systems

The vulnerability is present in Google Android devices, specifically within the Camera application bundled with Google Pixel devices. No specific Android version is listed, so any device running the affected Camera component could be impacted.

Risk and Exploitability

The CVSS score of 3.3 indicates a low severity, and the EPSS score of less than 1% reflects a very low likelihood of exploitation. The flaw is not listed in CISA’s KEV catalog, and exploitation requires local access to the device; no network-based attack is implied. The risk remains confined to local data exposure without further system compromise.

Generated by OpenCVE AI on June 17, 2026 at 21:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Android to the latest security patch that includes the Camera permission fix
  • Restrict camera application permissions or disable the Camera app if not needed
  • Monitor device for unauthorized photo access and uninstall suspicious applications

Generated by OpenCVE AI on June 17, 2026 at 21:13 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title Unauthorized Camera Access Allowing Local Photo Disclosure

Tue, 16 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-862
Metrics cvssV3_1

{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
Vendors & Products Google
Google android

Tue, 16 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Description In Camera, there is a possible unauthorized way to access photos due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: Google_Devices

Published:

Updated: 2026-06-16T19:48:33.517Z

Reserved: 2025-10-23T08:44:54.695Z

Link: CVE-2026-0158

cve-icon Vulnrichment

Updated: 2026-06-16T19:48:30.517Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-16T20:16:26.420

Modified: 2026-06-16T20:42:25.013

Link: CVE-2026-0158

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-17T21:15:03Z

Weaknesses