PatchSiren cyber security CVE debrief
CVE-2026-28575 Google CVE debrief
CVE-2026-28575 is a local denial of service vulnerability in Android PackageInstaller. The vulnerability exists in the PackageInstaller.Session#transfer method of the frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java file. An attacker could exploit this vulnerability to cause a local denial of service without requiring additional execution privileges. User interaction is not needed for exploitation. This vulnerability has a CVSS score of 10 and a severity of CRITICAL.
- Vendor
- Product
- Android
- CVSS
- CRITICAL 10
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-17
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-17
Who should care
Android users and administrators should be aware of this vulnerability and take necessary precautions to protect their devices. This vulnerability could be exploited by a local attacker to cause a denial of service, potentially disrupting critical services or operations. Operators, platform administrators, and security teams should review the vulnerability details and take action to mitigate the risk.
Technical summary
The vulnerability is caused by a logic error in the PackageInstaller.Session#transfer method. This method is part of the Android PackageInstaller service, which is responsible for installing and managing packages on an Android device. The vulnerability has a CVSS score of 10 and a severity of CRITICAL. The CVSS vector is CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.
Defensive priority
High
Recommended defensive actions
- Apply the patch or update to a fixed version of Android
- Restrict access to the PackageInstaller service
- Monitor system logs for suspicious activity
- Implement additional security controls to prevent local attacks
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The CVE record was published on 2026-06-17T13:20:15.237Z and has not been modified since then. The NVD entry is currently Analyzed. The vulnerability is related to CWE-400. There is limited information available about the specific details of the vulnerability, and defenders should verify the affected scope and severity with the vendor. The Android security bulletin provides additional context for mitigation and remediation.
Official resources
-
CVE-2026-28575 CVE record
CVE.org
-
CVE-2026-28575 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T13:20:15.237Z and has not been modified since then. The NVD entry is currently Analyzed.