CVE-2026-0126
Description
Out-of-bounds write in WC-Radio on Pixel devices leads to remote code execution without user interaction.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Out-of-bounds write in WC-Radio on Pixel devices leads to remote code execution without user interaction.
Vulnerability
In WC-Radio (wireless communication radio) on Pixel devices, an out-of-bounds write vulnerability exists due to a missing bounds check. This allows remote code execution. Affected versions include devices with security patch levels before June 2026. [1]
Exploitation
An attacker can exploit this vulnerability remotely over the air without requiring any privileges or user interaction. The missing bounds check enables writing beyond allocated memory, leading to code execution. [1]
Impact
Successful exploitation results in remote code execution with no additional privileges, potentially allowing full compromise of the device. [1]
Mitigation
Google has addressed this issue in the June 2026 Pixel Update Bulletin with security patch level 2026-06-05. Users should update their devices to this patch level or later to mitigate the vulnerability. [1]
AI Insight generated on Jun 16, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
1News mentions
0No linked articles in our index yet.