VYPR
Medium severity6.2NVD Advisory· Published Jun 1, 2026· Updated Jun 2, 2026

CVE-2026-0046

CVE-2026-0046

Description

In InputInterceptor of Letterbox.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • Google/Android3 versions
    cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:16.0:-:*:*:*:*:*:*
  • Google/Letterboxllm-create

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.