CVE-2026-0005

Name of the Vulnerable Software and Affected Versions KeyguardServiceDelegate.java (affected versions not specified)

Description A missing permission check in the onServiceDisconnected function of KeyguardServiceDelegate.java may allow a partial bypass of app pinning. This could enable limited interaction with other applications without knowledge of the Lock Screen Key Fingerprint (LSKF), potentially leading to local information disclosure. The extent of interaction and impact is dependent on the application, and exploitation does not require additional execution privileges or user interaction.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.