{"api_version":"1","generated_at":"2026-06-02T03:16:13+00:00","cve":"CVE-2026-28580","urls":{"html":"https://cve.report/CVE-2026-28580","api":"https://cve.report/api/cve/CVE-2026-28580.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-28580","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-28580"},"summary":{"title":"CVE-2026-28580","description":"In multiple functions, there is a possible desync in persistence due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","state":"PUBLISHED","assigner":"google_android","published_at":"2026-06-01 22:16:25","updated_at":"2026-06-01 23:16:22"},"problem_types":["CWE-120","Elevation of privilege","CWE-120 CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"],"metrics":[{"version":"3.1","source":"ADP","type":"DECLARED","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}}],"references":[{"url":"https://source.android.com/docs/security/bulletin/2026/2026-06-01","name":"https://source.android.com/docs/security/bulletin/2026/2026-06-01","refsource":"security@android.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-28580","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28580","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Google","product":"Android","version":"affected 16-qpr2","platforms":[]},{"source":"CNA","vendor":"Google","product":"Android","version":"affected 16","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},{"other":{"content":{"id":"CVE-2026-28580","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-06-01T22:29:07.566520Z","version":"2.0.3"},"type":"ssvc"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-120","description":"CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-01T22:39:37.271Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"Android","vendor":"Google","versions":[{"status":"affected","version":"16-qpr2"},{"status":"affected","version":"16"}]}],"descriptions":[{"lang":"en","value":"In multiple functions, there is a possible desync in persistence due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."}],"problemTypes":[{"descriptions":[{"description":"Elevation of privilege","lang":"en"}]}],"providerMetadata":{"dateUpdated":"2026-06-01T21:14:56.007Z","orgId":"baff130e-b8d5-4e15-b3d3-c3cf5d5545c6","shortName":"google_android"},"references":[{"url":"https://source.android.com/docs/security/bulletin/2026/2026-06-01"}],"x_generator":{"engine":"cvelib 1.7.1"}}},"cveMetadata":{"assignerOrgId":"baff130e-b8d5-4e15-b3d3-c3cf5d5545c6","assignerShortName":"google_android","cveId":"CVE-2026-28580","datePublished":"2026-06-01T21:14:56.007Z","dateReserved":"2026-03-02T19:10:53.531Z","dateUpdated":"2026-06-01T22:39:37.271Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-06-01 22:16:25","lastModifiedDate":"2026-06-01 23:16:22","problem_types":["CWE-120","Elevation of privilege","CWE-120 CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"28580","Ordinal":"1","Title":"CVE-2026-28580","CVE":"CVE-2026-28580","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"28580","Ordinal":"1","NoteData":"In multiple functions, there is a possible desync in persistence due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","Type":"Description","Title":"CVE-2026-28580"}]}}}