Description
In AndroidManifest.xml, there is a possible persistent denial of service due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Published: 2026-06-18
Score: 10 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In AndroidManifest.xml, a missing permission check could allow an attacker to cause a persistent denial of service. The vulnerability could disrupt the availability of the targeted component or service. Based on the description, it is inferred that the denial of service would affect the specific app or service rather than the entire device.

Affected Systems

The flaw affects Google Android products. No specific version data is provided, but references point to Wear OS security bulletin 2026/06/01, suggesting the vulnerability exists in Wear OS releases around that time.

Risk and Exploitability

The CVSS score of 10 indicates a critical severity. The EPSS score of less than 1% reflects a low probability of exploitation at the time of this analysis. The flaw is locally exploitable without privilege escalation or user action, therefore any device running the vulnerable app is at risk. Because the vulnerability is not listed in the CISA KEV catalog, it has not yet been identified as a known exploited vulnerability, but the severity and ease of exploitation warrant immediate attention.

Generated by OpenCVE AI on June 22, 2026 at 20:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Android OS update that addresses the missing permission check flaw
  • If a critical app cannot be updated, uninstall or restrict the application from accessing system services
  • App developers should add explicit permission checks in the AndroidManifest and code to enforce required permissions before starting services

Generated by OpenCVE AI on June 22, 2026 at 20:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 22 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Title Persistent Denial of Service from Missing Permission Check in AndroidManifest

Mon, 22 Jun 2026 19:15:00 +0000

Type Values Removed Values Added
Title Persistent Denial of Service via Missing Permission Check in AndroidManifest.xml
Weaknesses CWE-284

Mon, 22 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-862

Thu, 18 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Title Persistent Denial of Service via Missing Permission Check in AndroidManifest.xml
Weaknesses CWE-284

Thu, 18 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
Vendors & Products Google
Google android

Thu, 18 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Description In AndroidManifest.xml, there is a possible persistent denial of service due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
References
Metrics cvssV4_0

{'score': 10, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: google_android

Published:

Updated: 2026-06-22T16:37:29.664Z

Reserved: 2026-03-02T19:10:53.531Z

Link: CVE-2026-28573

cve-icon Vulnrichment

Updated: 2026-06-18T13:00:27.906Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-22T20:30:06Z

Weaknesses