CVE-2026-0096

Vulnerability

A flaw exists in the getAppLabel function within ForgetDeviceDialogFragment.java in Android. This vulnerability allows for a potential privilege escalation by misleading the user through insufficient UI prompts when forgetting a device. The exact affected versions are not specified in the available references, but it is addressed in the June 2026 Android Security Bulletin [1].

Exploitation

Exploitation does not require user interaction. An attacker can leverage the misleading or insufficient UI presented by the ForgetDeviceDialogFragment to trick a user into performing an action that results in privilege escalation. The vulnerability is local, meaning no additional execution privileges are needed beyond what the attacker already possesses to trigger the UI.

Impact

Successful exploitation of this vulnerability could lead to a local privilege escalation. The attacker gains higher privileges on the device without needing any additional execution capabilities. The specific scope and nature of the escalated privileges are not detailed in the provided references.

Mitigation

This vulnerability is addressed in the June 2026 Android Security Bulletin [1]. Users should ensure their Android devices are updated to receive the security patch. No specific workarounds are mentioned in the available references, and the End-of-Life (EOL) status or Known Exploited Vulnerabilities (KEV) listing for this issue is not disclosed.