CVE-2026-0088

7.8 HIGH

In getCallingAppLabel of CertInstaller.java, there is a possible way to hide a sensitive security dialogue due to misleading or insuffici...

Published: 2026-06-01 · Last updated: 2026-06-03

Severity and scoring

CVSS: 7.8 HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-451

Affected products

Vendor	Product
google	android

Description

In getCallingAppLabel of CertInstaller.java, there is a possible way to hide a sensitive security dialogue due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-0088
[Vendor advisory]https://source.android.com/docs/security/bulletin/2026/2026-06-01

Related CVEs

Same vendor

CVE-2026-12035 — Use after free in Views in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corrupt... (8.8 HIGH)
CVE-2026-12034 — Insufficient validation of untrusted input in Linux Toolkit Theming in Google Chrome on Linux prior to 149.0.7827.115 allowed a remote at... (8.3 HIGH)
CVE-2026-12033 — Out of bounds read in VideoCapture in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the GPU process... (5.3 MEDIUM)
CVE-2026-12032 — Inappropriate implementation in Passwords in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromis... (3.1 LOW)
CVE-2026-12031 — Inappropriate implementation in Views in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised t... (8.3 HIGH)

Same CWE

CVE-2026-53829 — OpenClaw before 2026.5.18 contains an approval display truncation vulnerability allowing authenticated users to hide command suffixes fro... (8.0 HIGH)
CVE-2026-45650 — User interface (ui) misrepresentation of critical information in Microsoft Bing allows an unauthorized attacker to perform spoofing over ... (4.3 MEDIUM)
CVE-2026-11300 — Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via ... (4.3 MEDIUM)
CVE-2026-11294 — Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a ... (4.3 MEDIUM)
CVE-2026-11286 — Insufficient validation of untrusted input in Wallet in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromise... (4.3 MEDIUM)