Description
In addWindow of WindowManagerService.java, there is a possible tapjacking issue due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Published: 2026-06-01
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw resides in the addWindow method of Android’s WindowManagerService, allowing a tapjacking or overlay attack that presents a hidden system UI element without user consent. Leveraging CWE‑1021 (Input Validation), the attacker can perform actions with higher privileges than the normal application context, resulting in local privilege escalation that can compromise device integrity and confidentiality without user interaction.

Affected Systems

Android devices that include the unpatched WindowManagerService implementation referenced by Google’s 2026‑06‑01 security bulletin are affected. Version ranges are not disclosed, so all Android firmware builds containing the vulnerable code may be impacted.

Risk and Exploitability

Based on the description, the attack vector is inferred to be local on the device, requiring a process that can access WindowManagerService but no user interaction. The CVSS score of 7.8 signifies high severity, while the EPSS score is unavailable and the vulnerability is not listed in CISA’s KEV catalog, so the likelihood of exploitation in the wild cannot be quantified from the provided data.

Generated by OpenCVE AI on June 2, 2026 at 02:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Android security patch that addresses the WindowManagerService tapjacking flaw
  • Restrict overlay permissions so that only trusted applications can draw over protected windows
  • Monitor device logs and audit applications granted overlay rights for anomalous behavior

Generated by OpenCVE AI on June 2, 2026 at 02:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 02 Jun 2026 18:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:16.0:-:*:*:*:*:*:*
cpe:2.3:o:google:android:16.0:qpr2:*:*:*:*:*:*

Tue, 02 Jun 2026 01:15:00 +0000

Type Values Removed Values Added
Title Local Privilege Escalation via WindowManager Tapjacking in Android
Weaknesses CWE-284

Mon, 01 Jun 2026 23:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1021
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 01 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Title Local Privilege Escalation via WindowManager Tapjacking in Android
First Time appeared Google
Google android
Weaknesses CWE-284
Vendors & Products Google
Google android

Mon, 01 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Description In addWindow of WindowManagerService.java, there is a possible tapjacking issue due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References

Subscriptions

Google Android
cve-icon MITRE

Status: PUBLISHED

Assigner: google_android

Published:

Updated: 2026-06-02T03:56:11.803Z

Reserved: 2026-03-02T19:10:53.531Z

Link: CVE-2026-28577

cve-icon Vulnrichment

Updated: 2026-06-01T22:32:32.407Z

cve-icon NVD

Status : Analyzed

Published: 2026-06-01T22:16:24.820

Modified: 2026-06-02T18:08:32.670

Link: CVE-2026-28577

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-02T02:30:16Z

Weaknesses