Description
In fixInitiatingUserIfNecessary of CallIntentProcessor.java, there is a possible way to make an emergency call due to a logic error in the code. This could lead to local with null execution privileges needed. User interaction is null for exploitation.
Published: 2026-06-01
Score: 4 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A logic error in the CallIntentProcessor component of Android allows a local attacker to trigger an emergency call with no privileges required and without user interaction. This flaw bypasses normal permission checks. The attacker can place a 911 call (or equivalent emergency service) that may lead to unnecessary emergency response and potential cost or service disruption. No remote execution or data exfiltration is possible; the impact is confined to the misuse of emergency call functionality.

Affected Systems

The flaw exists in the Android operating system within the CallIntentProcessor module. No specific version numbers are provided; therefore, all Android releases that contain this component and have not yet applied a vendor fix are potentially affected. The attack surface is local to the device, requiring the attacker to be present on or have physical or logical access to the device.

Risk and Exploitability

The CVSS score is 4 (Medium), and EPSS data is unavailable. The vulnerability is local, requires no user interaction, and can be exploited without privileged access, indicating a high potential for misuse. It is not listed in the CISA KEV catalog, suggesting no documented exploitation at this time. The likely attack vector is local exploitation, where an attacker with physical or logical access to the device can trigger the call.

Generated by OpenCVE AI on June 2, 2026 at 02:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the device to the latest Android version that contains the vendor fix for CallIntentProcessor
  • If an update is not immediately available, restrict the ability of untrusted applications to access emergency call APIs by disabling or limiting the CALL_EMERGENCY_CALL permission in the device’s security settings
  • Continuously monitor Android security bulletins for a patch or additional mitigation guidance and apply it as soon as it becomes available

Advisories

No advisories yet.

History

Tue, 02 Jun 2026 02:45:00 +0000

Type Values Removed Values Added
Title Local Emergency Call Bypass Without User Interaction
Weaknesses CWE-269
CWE-284

Tue, 02 Jun 2026 01:15:00 +0000

Type Values Removed Values Added
Title Android Logic Error Enabling Unauthenticated Emergency Calls
Weaknesses CWE-269
CWE-284

Tue, 02 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
Vendors & Products Google
Google android

Mon, 01 Jun 2026 23:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 01 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
Title Android Logic Error Enabling Unauthenticated Emergency Calls
Weaknesses CWE-269
CWE-284

Mon, 01 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Description In fixInitiatingUserIfNecessary of CallIntentProcessor.java, there is a possible way to make an emergency call due to a logic error in the code. This could lead to local with null execution privileges needed. User interaction is null for exploitation.
References

MITRE

Status: PUBLISHED

Assigner: google_android

Published:

Updated: 2026-06-01T22:39:11.373Z

Reserved: 2026-03-02T19:10:53.531Z

Link: CVE-2026-28581

Vulnrichment

Updated: 2026-06-01T22:39:03.906Z

NVD

Status: Received

Published: 2026-06-01T22:16:25.110

Modified: 2026-06-01T23:16:22.673

Link: CVE-2026-28581

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-02T02:30:16Z

Weaknesses