PackageInstallerService

CVEs (2)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2026-0089	Android PackageInstallerService	Hig	0.51	7.8	—		Jun 1, 2026	In multiple functions of PackageInstallerService.java, there is a possible way to install unverified apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…
CVE-2026-0055	Android PackageInstallerService		0.00	—	—		Jun 1, 2026	In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller (DPC) into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User…

CVE-2026-0089HigJun 1, 2026
Android
PackageInstallerService
risk 0.51cvss 7.8epss —
In multiple functions of PackageInstallerService.java, there is a possible way to install unverified apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…
CVE-2026-0055Jun 1, 2026
Android
PackageInstallerService
risk 0.00cvss —epss —
In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller (DPC) into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User…