CVE-2026-0094

Vulnerability

A vulnerability exists in the getApplicationLabel function within KeyChainActivity.java on Android. This flaw allows for a misleading or insufficient user interface, which can trick users into approving access to certificates. The exact affected versions are not specified in the provided references, but it is part of the June 2026 security bulletin [1].

Exploitation

An attacker can exploit this vulnerability by leveraging the insufficient UI to deceive the user into granting access to certificates. The description indicates that user interaction is not needed for exploitation, suggesting the UI deception occurs automatically or through a pre-arranged method that bypasses explicit user consent for the malicious action [1].

Impact

Successful exploitation of this vulnerability could lead to a local privilege escalation. The attacker gains the ability to approve certificate access, which could potentially be used to gain further access or control on the device. Importantly, no additional execution privileges are needed by the attacker beyond what is required to trigger the UI deception [1].

Mitigation

This vulnerability was addressed in the Android Security Bulletin for June 2026 [1]. Users should ensure their devices are updated to receive these security patches. Specific fixed versions and release dates are detailed in the bulletin. No workarounds are mentioned, and the device's EOL status or KEV listing are not discussed in the provided references.