PatchSiren cyber security CVE debrief
CVE-2026-0092 Google CVE debrief
A critical vulnerability was found in Package Manager, which could allow for local escalation of privilege with no additional execution privileges needed. User interaction is not required for exploitation. The CVE record was published on 2026-06-17T13:19:26.813Z and has not been modified since then. The vulnerability affects Google Android 17.0. Security teams should review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.
- Vendor
- Product
- Android
- CVSS
- CRITICAL 10
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-18
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-18
Who should care
Security teams responsible for managing and updating Android systems, particularly those using Google Android 17.0, should be aware of this vulnerability and take necessary actions to mitigate the risk. They should review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.
Technical summary
The vulnerability is caused by a missing permission check in Package Manager, which could lead to local escalation of privilege. The CVSS score is 10, indicating a critical severity. The vulnerability affects Google Android 17.0. There is limited information available about the vulnerability, and defenders should verify the affected scope and severity with the vendor. Security teams should review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance. The CVE record was published on 2026-06-17T13:19:26.813Z and has not been modified since then. Limited additional context is available; defenders are advised to consult vendor resources for further details on mitigation and potential workarounds.
Defensive priority
High
Recommended defensive actions
- Apply the latest security patches from the vendor
- Conduct regular vulnerability assessments and penetration testing
- Implement compensating controls such as monitoring and incident response planning
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The CVE record was published on 2026-06-17T13:19:26.813Z and has not been modified since then. The NVD entry is currently Analyzed. There is limited information available about the vulnerability, and defenders should verify the affected scope and severity with the vendor. The vulnerability affects Google Android 17.0. The CVSS score is 10, indicating a critical severity.
Official resources
-
CVE-2026-0092 CVE record
CVE.org
-
CVE-2026-0092 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T13:19:26.813Z and has not been modified since then.