PT-2025-24450 · Google · Android

Published: 2025-05-01 · Updated: 2025-09-29 · CVE-2025-26436

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Android (affected versions not specified)

Description

A flaw exists in the Android operating system's Framework component related to a buffer copy operation without proper input validation. Exploitation of this issue may allow an attacker to escalate privileges. Specifically, a background activity launch bypass exists in PendingIntentRecord.java’s clearAllowBgActivityStarts function, potentially leading to local privilege escalation without requiring additional execution privileges or user interaction.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Authorization

Buffer Overflow

Weakness Enumeration

Related Identifiers

ASB-A-322159724
BDU:2025-06589
CVE-2025-26436

Affected Products

Android