Description
In Telecomm, there is a possible way to initiate an unauthorized phone call due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Published: 2026-06-17
Score: 10 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A permissions bypass flaw in Android’s Telecomm component lets an application initiate a phone call without the system’s authorization, effectively granting the attacker local privilege escalation. The vulnerability is caused by improper access control that allows background or malicious software to trigger call‑making functionality without user consent, potentially enabling unauthorized calls and data interception.

Affected Systems

The affected vendor is Google and the product is Android Telecomm. No specific version information has been supplied; any Android installation containing the vulnerable Telecomm package may be impacted.

Risk and Exploitability

The CVSS score of 10 indicates critical severity. An EPSS score of less than 1% suggests that exploitation in the wild may be infrequent, and the flaw is not listed in the CISA KEV catalog. Because user interaction is not required, the likely attack vector involves an attacker deploying a malicious application that invokes the Telecomm service to place calls without permission.

Generated by OpenCVE AI on June 17, 2026 at 19:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any Android security update that contains the Telecomm permission bypass fix
  • If the device is rooted or managed, revoke Telecomm’s telephony permissions or disable the Telecomm service via ADB or a device policy
  • Use Android Enterprise or similar mobile device management to restrict Telecomm’s access to telephony permissions until a patch is available

Generated by OpenCVE AI on June 17, 2026 at 19:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 17 Jun 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
Vendors & Products Google
Google android

Wed, 17 Jun 2026 07:45:00 +0000

Type Values Removed Values Added
Description In Telecomm, there is a possible way to initiate an unauthorized phone call due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
Metrics cvssV4_0

{'score': 10, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}

Subscriptions

Google Android
cve-icon MITRE

Status: PUBLISHED

Assigner: google_android

Published:

Updated: 2026-06-17T14:11:30.993Z

Reserved: 2026-03-02T19:11:09.009Z

Link: CVE-2026-28615

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-17T08:30:04Z

Weaknesses

No weakness.