Local Privilege Escalation Vulnerability in Android by Google
CVE-2026-0063

10CRITICAL

Key Information:

Vendor: Google
Status: Android
Vendor: CVE Published:; 17 June 2026

What is CVE-2026-0063?

A logic error in the PhoneInterfaceManager's setAllowedCarriers function creates a vulnerability that allows local privilege escalation. This security gap enables unauthorized users to circumvent carrier restrictions without requiring additional execution permissions or user interaction. Addressing this flaw is essential for maintaining the integrity and security of the Android operating system.

Affected Version(s)

Android 17

References

https://source.android.com/docs/security/bulletin/android-17

vendor-advisory

CVSS V4

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 17, 2026
Vulnerability Reserved
Oct 15, 2025

CVE-2026-0063 Data

JSON