Impact
In AndroidManifest.xml, a missing permission check could allow an attacker to cause a persistent denial of service. The vulnerability could disrupt the availability of the targeted component or service. Based on the description, it is inferred that the denial of service would affect the specific app or service rather than the entire device.
Affected Systems
The flaw affects Google Android products. No specific version data is provided, but references point to Wear OS security bulletin 2026/06/01, suggesting the vulnerability exists in Wear OS releases around that time.
Risk and Exploitability
The CVSS score of 10 indicates a critical severity. The EPSS score of less than 1% reflects a low probability of exploitation at the time of this analysis. The flaw is locally exploitable without privilege escalation or user action, therefore any device running the vulnerable app is at risk. Because the vulnerability is not listed in the CISA KEV catalog, it has not yet been identified as a known exploited vulnerability, but the severity and ease of exploitation warrant immediate attention.
OpenCVE Enrichment