CVE-2025-26439
CVSS Score
7.8
EPSS Score
0.0%
EPSS Percentile
0th
In getComponentName of AccessibilitySettingsUtils.java, there is a possible way to for a malicious Talkback service to be enabled instead of the system component due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
| Vendor | |
| Product | android |
| Ecosystems | |
| Industries | TechnologyMobile |
| Published | Sep 4, 2025 |
| Last Updated | Feb 26, 2026 |
Stay Ahead of the Next One
Get instant alerts for google android
Be the first to know when new high vulnerabilities affecting google android are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Google / Android
14