VYPR

Android Xr

by Google

CVEs (1)

  • CVE-2026-0072HigJun 1, 2026
    risk 0.51cvss 7.8epss 0.00

    In addInputMethodListener of com.android.server.inputmethod.InputMethodManagerService, there is a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.