CVE-2026-0086
Description
A missing null check in Android's DisableSupervisionActivity allows local privilege escalation by deleting supervision data without user interaction.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A missing null check in Android's DisableSupervisionActivity allows local privilege escalation by deleting supervision data without user interaction.
Vulnerability
In the onCreate method of DisableSupervisionActivity.kt, a missing null check allows for the deletion of supervision data. This vulnerability affects Android versions prior to the June 2026 security update.
Exploitation
An attacker with local access to the device can trigger this vulnerability without any user interaction. The exploit involves reaching the onCreate method of DisableSupervisionActivity where the missing null check can be leveraged to delete supervision data.
Impact
Successful exploitation leads to a local escalation of privilege. The attacker can delete supervision data, which could have significant privacy and security implications, without needing any additional execution privileges beyond local access.
Mitigation
This vulnerability is addressed in the June 2026 Android Security Bulletin [1]. Users should ensure their devices are updated to receive the security patch. No workarounds are mentioned in the available references.
AI Insight generated on Jun 1, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
1News mentions
0No linked articles in our index yet.