Cyber Resilience

CVE-2026-0006

Critical

Published: 02 March 2026

Published
02 March 2026
Modified
06 March 2026
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0058 43.3th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2026-0006 is a critical-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Google Android. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 43.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-0006 is a heap buffer overflow vulnerability (CWE-122) present in multiple locations within Android, enabling out-of-bounds read and write operations. This flaw could result in remote code execution without requiring additional execution privileges or user interaction. The vulnerability received a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility, low attack complexity, and potential for high impact on confidentiality, integrity, and availability.

Remote attackers can exploit this vulnerability over the network with no privileges or user interaction needed, making it highly accessible. Successful exploitation allows arbitrary code execution on the affected Android device, potentially compromising the entire system.

The Android security bulletin published on March 1, 2026, at https://source.android.com/docs/security/bulletin/2026/2026-03-01 provides details on affected versions and available patches for mitigation. Security practitioners should apply these updates promptly to vulnerable Android releases.

EU & UK References

Vulnerability details

In multiple locations, there is a possible out of bounds read and write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Network-reachable heap buffer overflow directly enables unauthenticated remote code execution on the device, matching exploitation of a remotely accessible component.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-0100Same product: Google Android
CVE-2025-48530Same product: Google Android
CVE-2026-0059Same product: Google Android
CVE-2025-32318Same product: Google Android
CVE-2025-36937Same product: Google Android
CVE-2026-0114Same product: Google Android
CVE-2026-0120Same product: Google Android
CVE-2025-26416Same product: Google Android
CVE-2026-0116Same product: Google Android
CVE-2025-48626Same product: Google Android

Affected Assets

google
android
16.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the CVE by requiring timely identification, reporting, and patching of the heap buffer overflow vulnerability as detailed in the Android security bulletin.

prevent

Provides memory protection mechanisms like ASLR, DEP, and stack canaries that prevent exploitation of heap buffer overflows leading to remote code execution.

detect

Enables vulnerability scanning to detect the presence of CVE-2026-0006 in affected Android systems, supporting prompt remediation.

References