CVE-2026-28581
Description
A logic error in Android's CallIntentProcessor allows local users to initiate emergency calls without privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A logic error in Android's CallIntentProcessor allows local users to initiate emergency calls without privileges.
Vulnerability
In fixInitiatingUserIfNecessary of CallIntentProcessor.java, a logic error allows for the initiation of emergency calls. This vulnerability affects Android versions prior to the June 2026 security update [1].
Exploitation
An attacker with local access to the device can exploit this vulnerability. No special privileges or user interaction are required for exploitation, as the vulnerability is triggered by a logic error in the code path [1].
Impact
Successful exploitation allows an attacker to make an emergency call. The impact is limited to initiating an emergency call, with no other execution privileges gained by the attacker [1].
Mitigation
This vulnerability is addressed in the Android Security Bulletin for June 2026. Users should ensure their devices are updated to receive these security patches. No specific workaround is mentioned, and the vulnerability is not listed as being actively exploited in the wild [1].
AI Insight generated on Jun 1, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
1News mentions
0No linked articles in our index yet.