Vulnerabilities ›

CVE-2026-0005

Medium

CWE-200 — Weakness Type

                    Published: Mar 2, 2026                      ·  Modified: Mar 5, 2026                      ·  Source: NVD                

CVSS v3

6.2

🔗 NVD Official

📄 Description (English)

In onServiceDisconnected of KeyguardServiceDelegate.java, there is a possible partial bypass of app pinning allowing limited interaction with other apps without knowing the LSKF due to a missing permission check. This could lead to local information disclosure where the extent of interaction and impact is app-dependent with no additional execution privileges needed. User interaction is not needed for exploitation.

🤖 AI Executive Summary

CVE-2026-0005 is a vulnerability in Android's KeyguardServiceDelegate that allows bypassing app pinning restrictions through a missing permission check, enabling limited interaction with other apps without the Lock Screen Knowledge Factor (LSKF). This could lead to local information disclosure with app-dependent impact and requires no user interaction or elevated privileges.

📄 Description (Arabic)

تتعلق هذه الثغرة بخدمة KeyguardServiceDelegate في نظام Android حيث يوجد فشل في فحص الأذونات عند قطع الخدمة. يسمح هذا الفشل بتجاوز جزئي لآلية قفل التطبيقات مما يتيح تفاعلات محدودة مع تطبيقات أخرى دون معرفة رمز فتح الشاشة. قد يؤدي هذا إلى الكشف عن معلومات حساسة حسب طبيعة التطبيقات المستخدمة.

🤖 ملخص تنفيذي (AI)

This vulnerability affects Android devices used in Saudi Arabia by allowing attackers to partially bypass app pinning security controls without knowing the device lock code, potentially exposing sensitive information through limited app interactions. The flaw requires no user interaction and poses a risk to organizations using app pinning for data protection on mobile devices.

🤖 AI Intelligence Analysis Analyzed: May 22, 2026 19:16

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

banking government healthcare telecom

🎯 MITRE ATT&CK Techniques

T1548.001 T1548.004 T1040

⚖️ Saudi Risk Score (AI)

6.0

/ 10.0

🔧 Remediation Steps (English)

Update Android devices to the latest security patch that includes the fix for CVE-2026-0005. Verify that KeyguardServiceDelegate properly enforces permission checks before allowing service disconnection. Organizations should review app pinning implementations and ensure they are using the latest Android security updates. Monitor for suspicious app interactions on pinned applications.

🔧 خطوات المعالجة (العربية)

قم بتحديث أجهزة Android إلى أحدث تصحيح أمني يتضمن إصلاح CVE-2026-0005. تحقق من أن KeyguardServiceDelegate تفرض فحص الأذونات بشكل صحيح قبل السماح بقطع الخدمة. يجب على المؤسسات مراجعة تطبيقات قفل التطبيقات والتأكد من استخدام أحدث تحديثات أمان Android. راقب التفاعلات المريبة للتطبيقات المقفلة.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

5.1.1 5.1.2 5.2.1

🔵 SAMA CSF

AC-2 AC-3 SI-4

🟡 ISO 27001:2022

A.6.1.2 A.9.1.1 A.9.2.1 A.9.4.3

🔗 References & Sources 1

🔗

https://source.android.com/security/bulletin/2026-03-01

security@android.com

Broken Link Vendor Advisory

📦 Affected Products / CPE 3 entries

google:android:14.0

google:android:15.0

google:android:16.0

📊 CVSS Score

6.2

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityN — None / Network

AvailabilityN — None / Network

📋 Quick Facts

Severity Medium

CVSS Score6.2

CWECWE-200

Exploit No

Patch ✗ No

Published 2026-03-02

Source Feed nvd

🇸🇦 Saudi Risk Score

6.0

/ 10.0 — Saudi Risk

Priority: MEDIUM

🏷️ Tags

CWE-200

🏢 Vendor Advisories

🔗 https://source.android.com/security/bulletin/2026-03-01

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-0005

Introduce Yourself

Sign In Required