CVE-2026-0072 - Android InputMethodManagerService Privilege Escalation
AI SummaryAIcached
Source
cvefeed.io
System administrators should apply security patches released by Google on June 1, 2026, to address a critical vulnerability affecting Android. The flaw, identified as CVE-2026-0072, resides in the InputMethodManagerService and allows for local privilege escalation without requiring user interaction. The vulnerability stems from a missing permission check in the addInputMethodListener function, which could permit unauthorized access to system services. Google has assigned a maximum CVSS 4.0 score of 10.0 to the issue, classifying it as critical. The company recommends implementing missing permission checks and reviewing other methods within the service for similar authorization flaws.
G
Summary byGLM AIFree
Jun 1, 2026, 09:23 PM
Shared
AI summaries
0 of 15 usedOriginal Description
CVE ID :CVE-2026-0072
Published : June 1, 2026, 7:16 p.m. | 1 hour, 9 minutes ago
Description :In addInputMethodListener of com.android.server.inputmethod.InputMethodManagerService, there is a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...