CVE-2026-0081 Google CVE debrief

Who should care

Android developers, security teams, and users of Google Android devices, especially those using Android 17.0, should be aware of this vulnerability and take necessary precautions.

Technical summary

The vulnerability exists in the NFC component of Google Android, specifically in Android 17.0. The issue arises from a missing permission check, which allows local attackers to spoof NFC events. This could lead to local escalation of privilege with no additional execution privileges needed. The CVSS vector for this vulnerability is CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.

Defensive priority

high

Recommended defensive actions

• Apply the security patch for Android 17.0 as soon as possible.
• Ensure that all Android devices are running the latest version of the operating system.
• Implement additional security measures, such as monitoring NFC activity and restricting access to sensitive data.
• Conduct regular security audits to identify and address potential vulnerabilities.
• Educate users about the importance of keeping their devices up to date with the latest security patches.

Evidence notes

The information provided is based on data from the National Vulnerability Database (NVD) and the Common Vulnerabilities and Exposures (CVE) database. The vulnerability has been analyzed and verified by the NVD.

Official resources