PatchSiren cyber security CVE debrief
CVE-2026-0134 Google CVE debrief
A logic error in PostWipeData of recovery_ui.cpp could lead to a local information disclosure issue after a factory reset, with no additional execution privileges needed. User interaction is not required for exploitation.
- Vendor
- Product
- Android
- CVSS
- LOW 3.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-16
- Original CVE updated
- 2026-06-17
- Advisory published
- 2026-06-16
- Advisory updated
- 2026-06-17
Who should care
Users and administrators concerned with data security on affected devices should prioritize patching.
Technical summary
The vulnerability exists in PostWipeData of recovery_ui.cpp, where a logic error could prevent complete data wiping during a factory reset, potentially allowing for local information disclosure.
Defensive priority
High
Recommended defensive actions
- Apply patches or updates provided by the vendor as soon as available.
- Ensure devices are updated with the latest security patches.
- Consider implementing additional security measures for sensitive data.
Evidence notes
Evidence suggests the vulnerability is in the Android recovery UI component.
Official resources
-
CVE-2026-0134 CVE record
CVE.org
-
CVE-2026-0134 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2026-0134 was published on 2026-06-16T20:16:24.260Z and modified on 2026-06-16T20:42:25.013Z.