VYPR
Medium severity4.0NVD Advisory· Published Jun 1, 2026· Updated Jun 3, 2026

CVE-2026-28581

CVE-2026-28581

Description

In fixInitiatingUserIfNecessary of CallIntentProcessor.java, there is a possible way to make an emergency call due to a logic error in the code. This could lead to local with null execution privileges needed. User interaction is null for exploitation.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

7
  • Google/Android6 versions
    cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:16.0:-:*:*:*:*:*:*
    • cpe:2.3:o:google:android:16.0:qpr2_beta_1:*:*:*:*:*:*
    • cpe:2.3:o:google:android:16.0:qpr2_beta_2:*:*:*:*:*:*
    • cpe:2.3:o:google:android:16.0:qpr2_beta_3:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

1

News mentions

1