{"api_version":"1","generated_at":"2026-06-02T03:15:49+00:00","cve":"CVE-2026-0056","urls":{"html":"https://cve.report/CVE-2026-0056","api":"https://cve.report/api/cve/CVE-2026-0056.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-0056","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-0056"},"summary":{"title":"CVE-2026-0056","description":"In setTo of ResourceTypes.cpp, there is a possible read out of bounds due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","state":"PUBLISHED","assigner":"google_android","published_at":"2026-06-01 22:16:20","updated_at":"2026-06-02 00:16:34"},"problem_types":["CWE-120","Information disclosure","CWE-120 CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"],"metrics":[{"version":"3.1","source":"ADP","type":"DECLARED","score":"3.3","severity":"LOW","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","data":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":3.3,"baseSeverity":"LOW","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"3.3","severity":"LOW","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"https://source.android.com/docs/security/bulletin/2026/2026-06-01","name":"https://source.android.com/docs/security/bulletin/2026/2026-06-01","refsource":"security@android.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-0056","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0056","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Google","product":"Android","version":"affected 16-qpr2","platforms":[]},{"source":"CNA","vendor":"Google","product":"Android","version":"affected 16","platforms":[]},{"source":"CNA","vendor":"Google","product":"Android","version":"affected 15","platforms":[]},{"source":"CNA","vendor":"Google","product":"Android","version":"affected 14","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":3.3,"baseSeverity":"LOW","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","version":"3.1"}},{"other":{"content":{"id":"CVE-2026-0056","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-06-01T23:26:13.268482Z","version":"2.0.3"},"type":"ssvc"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-120","description":"CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-01T23:26:16.237Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"Android","vendor":"Google","versions":[{"status":"affected","version":"16-qpr2"},{"status":"affected","version":"16"},{"status":"affected","version":"15"},{"status":"affected","version":"14"}]}],"descriptions":[{"lang":"en","value":"In setTo of ResourceTypes.cpp, there is a possible read out of bounds due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."}],"problemTypes":[{"descriptions":[{"description":"Information disclosure","lang":"en"}]}],"providerMetadata":{"dateUpdated":"2026-06-01T21:14:52.922Z","orgId":"baff130e-b8d5-4e15-b3d3-c3cf5d5545c6","shortName":"google_android"},"references":[{"url":"https://source.android.com/docs/security/bulletin/2026/2026-06-01"}],"x_generator":{"engine":"cvelib 1.7.1"}}},"cveMetadata":{"assignerOrgId":"baff130e-b8d5-4e15-b3d3-c3cf5d5545c6","assignerShortName":"google_android","cveId":"CVE-2026-0056","datePublished":"2026-06-01T21:14:52.922Z","dateReserved":"2025-10-15T15:40:31.342Z","dateUpdated":"2026-06-01T23:26:16.237Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-06-01 22:16:20","lastModifiedDate":"2026-06-02 00:16:34","problem_types":["CWE-120","Information disclosure","CWE-120 CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"56","Ordinal":"1","Title":"CVE-2026-0056","CVE":"CVE-2026-0056","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"56","Ordinal":"1","NoteData":"In setTo of ResourceTypes.cpp, there is a possible read out of bounds due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","Type":"Description","Title":"CVE-2026-0056"}]}}}