{"api_version":"1","generated_at":"2026-06-02T03:15:54+00:00","cve":"CVE-2026-0043","urls":{"html":"https://cve.report/CVE-2026-0043","api":"https://cve.report/api/cve/CVE-2026-0043.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-0043","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-0043"},"summary":{"title":"CVE-2026-0043","description":"In multiple functions of ubsan_throwing_runtime.cpp, there is a possible persistent denial of service due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","state":"PUBLISHED","assigner":"google_android","published_at":"2026-06-01 22:16:20","updated_at":"2026-06-02 00:16:34"},"problem_types":["CWE-190","Elevation of privilege","CWE-190 CWE-190 Integer Overflow or Wraparound"],"metrics":[{"version":"3.1","source":"ADP","type":"DECLARED","score":"5.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","data":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":5.5,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"5.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"}}],"references":[{"url":"https://source.android.com/docs/security/bulletin/2026/2026-06-01","name":"https://source.android.com/docs/security/bulletin/2026/2026-06-01","refsource":"security@android.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-0043","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0043","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Google","product":"Android","version":"affected 16-qpr2","platforms":[]},{"source":"CNA","vendor":"Google","product":"Android","version":"affected 16","platforms":[]},{"source":"CNA","vendor":"Google","product":"Android","version":"affected 15","platforms":[]},{"source":"CNA","vendor":"Google","product":"Android","version":"affected 14","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":5.5,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","version":"3.1"}},{"other":{"content":{"id":"CVE-2026-0043","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-06-01T23:36:10.918565Z","version":"2.0.3"},"type":"ssvc"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-190","description":"CWE-190 Integer Overflow or Wraparound","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-01T23:36:16.851Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"Android","vendor":"Google","versions":[{"status":"affected","version":"16-qpr2"},{"status":"affected","version":"16"},{"status":"affected","version":"15"},{"status":"affected","version":"14"}]}],"descriptions":[{"lang":"en","value":"In multiple functions of ubsan_throwing_runtime.cpp, there is a possible persistent denial of service due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."}],"problemTypes":[{"descriptions":[{"description":"Elevation of privilege","lang":"en"}]}],"providerMetadata":{"dateUpdated":"2026-06-01T21:14:51.989Z","orgId":"baff130e-b8d5-4e15-b3d3-c3cf5d5545c6","shortName":"google_android"},"references":[{"url":"https://source.android.com/docs/security/bulletin/2026/2026-06-01"}],"x_generator":{"engine":"cvelib 1.7.1"}}},"cveMetadata":{"assignerOrgId":"baff130e-b8d5-4e15-b3d3-c3cf5d5545c6","assignerShortName":"google_android","cveId":"CVE-2026-0043","datePublished":"2026-06-01T21:14:51.989Z","dateReserved":"2025-10-15T15:39:33.146Z","dateUpdated":"2026-06-01T23:36:16.851Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-06-01 22:16:20","lastModifiedDate":"2026-06-02 00:16:34","problem_types":["CWE-190","Elevation of privilege","CWE-190 CWE-190 Integer Overflow or Wraparound"],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"43","Ordinal":"1","Title":"CVE-2026-0043","CVE":"CVE-2026-0043","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"43","Ordinal":"1","NoteData":"In multiple functions of ubsan_throwing_runtime.cpp, there is a possible persistent denial of service due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","Type":"Description","Title":"CVE-2026-0043"}]}}}