CVE-2026-0075
Description
A SQL injection vulnerability in Android allows local privilege escalation by accessing the contacts database without user interaction.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A SQL injection vulnerability in Android allows local privilege escalation by accessing the contacts database without user interaction.
Vulnerability
Multiple functions within Android are affected by a SQL injection vulnerability that allows unauthorized access to the contacts database. This vulnerability exists in versions prior to the June 2026 security update. User interaction is not required for exploitation.
Exploitation
An attacker with local access to the device can exploit this vulnerability by triggering the vulnerable functions. No special privileges or user interaction are needed to initiate the attack sequence.
Impact
Successful exploitation allows an attacker to access the contacts database, leading to a local escalation of privilege. The attacker gains access to sensitive contact information without needing any additional execution privileges.
Mitigation
This vulnerability is addressed in the Android Security Bulletin for June 2026 [1]. Users should ensure their devices are updated to the patched versions. No workarounds are described in the available references.
AI Insight generated on Jun 1, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
1News mentions
0No linked articles in our index yet.