In multiple functions of WindowState.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Metrics
Affected Vendors & Products
No data.
No data.
No data.
OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.
| Vendors | Products |
|---|
References
History
Mon, 01 Jun 2026 23:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Tapjacking Exploit Enables Local Privilege Escalation on Android | |
| Weaknesses | CWE-1181 |
Mon, 01 Jun 2026 21:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | In multiple functions of WindowState.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |
| References |
|
MITRE
Status: PUBLISHED
Assigner: google_android
Published:
Updated: 2026-06-01T21:14:53.271Z
Reserved: 2025-10-15T15:40:39.686Z
Link: CVE-2026-0061
Vulnrichment
No data.
NVD
Status : Received
Published: 2026-06-01T22:16:21.170
Modified: 2026-06-01T22:16:21.170
Link: CVE-2026-0061
Redhat
No data.
OpenCVE Enrichment
Updated: 2026-06-01T22:45:25Z