VYPR

WindowManagerService

by Google

CVEs (2)

  • CVE-2026-28577HigJun 1, 2026
    risk 0.51cvss 7.8epss 0.00

    In addWindow of WindowManagerService.java, there is a possible tapjacking issue due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-26422MedSep 4, 2025
    risk 0.26cvss 4.0epss 0.00

    In dump of WindowManagerService.java, there is a possible way of running dumpsys without the required permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…