PatchSiren cyber security CVE debrief
CVE-2026-0082 Google CVE debrief
A critical vulnerability was discovered in the NfcDispatcher.java file of the Android operating system. The issue arises from an insecure default value in the tryStartActivity function, which could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not required for exploitation. This vulnerability has a CVSS score of 10, indicating a critical severity. Android users and administrators should be aware of this vulnerability, as it could allow an attacker to gain elevated privileges on a device.
- Vendor
- Product
- Android
- CVSS
- CRITICAL 10
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-18
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-18
Who should care
Android users and administrators should be aware of this vulnerability, as it could allow an attacker to gain elevated privileges on a device. Users should ensure that their device is updated to the latest version of Android and apply the security patch provided by the vendor.
Technical summary
The vulnerability is located in the tryStartActivity function of NfcDispatcher.java. An insecure default value could lead to automatic special app access permission assignment, allowing for local escalation of privilege. This issue affects Android devices. The CVSS score for this vulnerability is 10, indicating a critical severity. Users should apply the security patch provided by the vendor and ensure that their device is updated to the latest version of Android. The CVE record was published on 2026-06-17T13:19:26.520Z and was last modified on 2026-06-18T04:16:33.217Z. The NVD entry is currently Analyzed. This vulnerability has a significant impact on Android users and administrators, as it could allow an attacker to gain elevated privileges on a device. To mitigate this vulnerability, users should verify their device's update status and apply the security patch as soon as possible.
Defensive priority
High
Recommended defensive actions
- Apply the security patch provided by the vendor
- Ensure that the device is updated to the latest version of Android
- Monitor the device for suspicious activity
- Limit the use of NFC features to only necessary applications
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The CVE record was published on 2026-06-17T13:19:26.520Z and was last modified on 2026-06-18T04:16:33.217Z. The NVD entry is currently Analyzed. The Android Security Bulletin provides additional information on this vulnerability. Users should verify their device's update status and apply the security patch as soon as possible.
Official resources
-
CVE-2026-0082 CVE record
CVE.org
-
CVE-2026-0082 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T13:19:26.520Z and has not been modified since then. The NVD entry is currently Analyzed.