Cyber Posture

CVE-2026-0006

Critical

Published: 02 March 2026

Published
02 March 2026
Modified
06 March 2026
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0005 15.0th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-0006 is a critical-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Google Android. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 15.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly addresses the CVE by requiring timely identification, reporting, and patching of the heap buffer overflow vulnerability as detailed in the Android security bulletin.

SI-16 Memory Protection good match
prevent

Provides memory protection mechanisms like ASLR, DEP, and stack canaries that prevent exploitation of heap buffer overflows leading to remote code execution.

RA-5 Vulnerability Monitoring and Scanning partial match
detect

Enables vulnerability scanning to detect the presence of CVE-2026-0006 in affected Android systems, supporting prompt remediation.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

Network-reachable heap buffer overflow directly enables unauthenticated remote code execution on the device, matching exploitation of a remotely accessible component.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

In multiple locations, there is a possible out of bounds read and write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Deeper analysisAI

CVE-2026-0006 is a heap buffer overflow vulnerability (CWE-122) present in multiple locations within Android, enabling out-of-bounds read and write operations. This flaw could result in remote code execution without requiring additional execution privileges or user interaction. The vulnerability received a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility, low attack complexity, and potential for high impact on confidentiality, integrity, and availability.

Remote attackers can exploit this vulnerability over the network with no privileges or user interaction needed, making it highly accessible. Successful exploitation allows arbitrary code execution on the affected Android device, potentially compromising the entire system.

The Android security bulletin published on March 1, 2026, at https://source.android.com/docs/security/bulletin/2026/2026-03-01 provides details on affected versions and available patches for mitigation. Security practitioners should apply these updates promptly to vulnerable Android releases.

Details

CWE(s)
CWE-122

Affected Products

google
android
16.0

CVEs Like This One

CVE-2026-0116Same product: Google Android
CVE-2025-26416Same product: Google Android
CVE-2025-48530Same product: Google Android
CVE-2026-0120Same product: Google Android
CVE-2025-36937Same product: Google Android
CVE-2026-0114Same product: Google Android
CVE-2025-32318Same product: Google Android
CVE-2026-0113Same product: Google Android
CVE-2025-48626Same product: Google Android
CVE-2025-0074Same product: Google Android

References