Description
An issue in Microvirt MEmu Android Emulator 9.2.7.0 allows a local attacker to escalate privileges via the MemuService.exe component.
Published: 2026-06-15
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An issue in Microvirt MEmu Android Emulator 9.2.7.0 allows a local attacker to gain higher privileges by exploiting the MemuService.exe component. The flaw enables unauthorized escalation of privileges on the host system, potentially allowing the attacker to execute arbitrary code with elevated rights. This weakness is an access control failure (CWE-269).

Affected Systems

The vulnerability affects Microvirt MEmu Android Emulator version 9.2.7.0. No other versions or variants are explicitly listed.

Risk and Exploitability

The CVSS base score is 7.8, indicating a high severity local privilege escalation. Although the EPSS score is below 1%, meaning exploitation is considered unlikely at the time, the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is local; an attacker must have physical or local software access to the host machine to run MemuService.exe and trigger the escalation. Due to the local nature, protective measures such as limiting service privileges or isolating the emulator can mitigate risk.

Generated by OpenCVE AI on June 17, 2026 at 21:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Microvirt MEmu to a patched version that eliminates the privilege escalation flaw.
  • If an update is not available, run the MemuService.exe service with the least privileges possible and restrict its network and filesystem access.
  • Disable or uninstall the MemuService.exe component if the emulator service is not required in the environment.

Generated by OpenCVE AI on June 17, 2026 at 21:57 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
History

Fri, 26 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Microvirt
Microvirt memu Android Emulator
Vendors & Products Microvirt
Microvirt memu Android Emulator

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title Privilege Escalation in Microvirt MEmu Android Emulator via MemuService.exe

Wed, 17 Jun 2026 05:15:00 +0000

Type Values Removed Values Added
Title Privilege Escalation in Microvirt MEmu Android Emulator via MemuService.exe

Tue, 16 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-269
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 15 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Description An issue in Microvirt MEmu Android Emulator 9.2.7.0 allows a local attacker to escalate privileges via the MemuService.exe component.
References

Subscriptions

Microvirt Memu Android Emulator
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-16T13:15:37.612Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36213

cve-icon Vulnrichment

Updated: 2026-06-16T13:15:27.930Z

cve-icon NVD

Status : Deferred

Published: 2026-06-15T20:16:25.683

Modified: 2026-06-16T15:51:29.037

Link: CVE-2026-36213

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T09:46:35Z

Weaknesses
  • CWE-269

    Improper Privilege Management