CVE-2026-5804

HIGH 8.4

CVSS Score

8.4

EPSS Score

0.0%

EPSS Percentile

0th

An improper authentication vulnerability was discovered in the Motorola Factory Test component (com.motorola.motocit). The application contained a reference to a writable file descriptor in external storage which could be used by third party apps running on the device to open a TCP server, exposing sensitive permissions and data. This could allow a local attacker to bypass permission checks and access protected device settings.

Vendor	motorola
Product	phones
Published	May 19, 2026
Last Updated	May 19, 2026

Stay Ahead of the Next One

Get instant alerts for motorola phones

Be the first to know when new high vulnerabilities affecting motorola phones are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

None

Affected Versions

Motorola / Phones

0 < 2026-04-05

References

NVD ↗ CVE.org ↗ EPSS Data ↗

en-us.support.motorola.com: https://en-us.support.motorola.com/app/answers/detail/a_id/192534

Credits

Motorola thanks Pranil Gholap for reporting this issue.