CVE-2026-0021

Name of the Vulnerable Software and Affected Versions versions prior to 2026-0021

Description A cross-user permission bypass exists due to a confused deputy condition in the hasInteractAcrossUsersFullPermission function within the AppInfoBase.java file. This could allow for local escalation of privilege without requiring additional execution privileges or user interaction.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.