PT-2026-50240 · Google · Android

Published

2026-06-17

Updated

2026-06-17

CVE-2026-28576

CVSS v4.0

Critical

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

In Contacts Provider, there is a possible way to access the contacts database due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2026-28576

Affected Products

Android

PT-2026-50240 · Google · Android

CVE-2026-28576

Related Identifiers

Affected Products

References · 1