Denial of Service Vulnerability in LocalImageResolver of Android Products
CVE-2026-0049

6.2MEDIUM

Key Information:

Vendor: Google
Status: Android
Vendor: CVE Published:; 6 April 2026

What is CVE-2026-0049?

A persistent denial of service vulnerability exists in the LocalImageResolver.java component of Android's system. This flaw allows attackers to exploit resource exhaustion, resulting in a local denial of service without requiring any additional execution privileges or user interaction. This could significantly impact the performance and availability of affected devices, underlining the need for immediate patching to maintain user safety and device functionality.

Affected Version(s)

Android 16-qpr2

Android 16

Android 15

References

https://source.android.com/docs/security/bulletin/2026/20...

vendor-advisory

CVSS V3.1

Score:

6.2

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 6, 2026
Vulnerability Reserved
Oct 15, 2025

Credit

Cxxsheng (曹圣) and Yanjie Zhao (赵彦杰) of Huazhong University of Science and Technology (华中科技大学) and Canyie(石松洲) of LSPosed Team.

CVE-2026-0049 Data

JSON

Google

What is CVE-2026-0049?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit