VYPR
Low severity3.3NVD Advisory· Published Jun 1, 2026· Updated Jun 2, 2026

CVE-2026-0016

CVE-2026-0016

Description

In updateProvidersWhenServiceRemoved of CredentialManagerService.java, there is a possible way to override settings across users due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

5
  • Google/Android4 versions
    cpe:2.3:o:google:android:16.0:-:*:*:*:*:*:*+ 3 more
    • cpe:2.3:o:google:android:16.0:-:*:*:*:*:*:*
    • cpe:2.3:o:google:android:16.0:qpr2_beta_1:*:*:*:*:*:*
    • cpe:2.3:o:google:android:16.0:qpr2_beta_2:*:*:*:*:*:*
    • cpe:2.3:o:google:android:16.0:qpr2_beta_3:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.

CVE-2026-0016 · Low · VYPR