Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Tue, 02 Jun 2026 18:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:2.3:o:google:android:16.0:-:*:*:*:*:*:* cpe:2.3:o:google:android:16.0:qpr2_beta_1:*:*:*:*:*:* cpe:2.3:o:google:android:16.0:qpr2_beta_2:*:*:*:*:*:* cpe:2.3:o:google:android:16.0:qpr2_beta_3:*:*:*:*:*:* |
Tue, 02 Jun 2026 04:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Local Information Disclosure via Cross‑User Settings Override in Android CredentialManagerService |
Tue, 02 Jun 2026 03:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | CredentialManagerService Permissions Bypass Allowing Local Information Disclosure Across Users | |
| Weaknesses | CWE-199 CWE-284 |
Tue, 02 Jun 2026 00:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-269 | |
| Metrics |
cvssV3_1
|
Mon, 01 Jun 2026 22:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | CredentialManagerService Permissions Bypass Allowing Local Information Disclosure Across Users | |
| First Time appeared |
Google
Google android |
|
| Weaknesses | CWE-199 CWE-284 |
|
| Vendors & Products |
Google
Google android |
Mon, 01 Jun 2026 21:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | In updateProvidersWhenServiceRemoved of CredentialManagerService.java, there is a possible way to override settings across users due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |
| References |
|
Status: PUBLISHED
Assigner: google_android
Published:
Updated: 2026-06-01T23:43:26.328Z
Reserved: 2025-10-15T15:38:48.429Z
Link: CVE-2026-0016
Updated: 2026-06-01T23:43:18.659Z
Status : Analyzed
Published: 2026-06-01T22:16:19.303
Modified: 2026-06-02T18:41:01.900
Link: CVE-2026-0016
No data.
OpenCVE Enrichment
Updated: 2026-06-02T04:30:36Z