Out of Bounds Write Vulnerability in Modem by Google
CVE-2026-0114

9.8CRITICAL

Key Information:

Vendor

Google
Status
Android
Vendor
CVE Published:
10 March 2026

What is CVE-2026-0114?

CVE-2026-0114 is a serious vulnerability identified within the Modem component developed by Google, related to an issue of out-of-bounds write. This vulnerability arises from a failure in performing correct bounds checking, leading to the potential for remote code execution. Essentially, this means that an attacker could exploit the system without needing any privileges or user interaction, making it particularly dangerous. If successfully executed, this vulnerability could allow unauthorized users to manipulate or control affected systems, leading to potentially catastrophic consequences for organizations relying on the Modem component for their operations.

Potential impact of CVE-2026-0114

  1. Remote Code Execution: The most alarming impact of this vulnerability is the ability for attackers to execute arbitrary code on affected systems remotely. This gives them control over the system without needing any special privileges or direct access, significantly increasing the risk of data compromise and system integrity.

  2. Widespread Vulnerability: Given that the Modem component is embedded in various Google products and services, the exploitation of this vulnerability could have far-reaching consequences across multiple applications and devices. Organizations that incorporate these technologies may find their security posture severely weakened.

  3. Increased Attack Surface: With the potential for remote code execution and no required user interaction, this vulnerability broadens the attack surface, allowing malicious actors to target systems more easily. Organizations may face a higher risk of data breaches, loss of sensitive information, and potential disruptions to business operations from successful exploits.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Android Android kernel

References

https://source.android.com/docs/security/bulletin/2026/20...
vendor-advisory

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.