CVE-2026-0047
Published: 02 March 2026
Summary
CVE-2026-0047 is a high-severity Improper Handling of Insufficient Permissions or Privileges (CWE-280) vulnerability in Google Android. Its CVSS base score is 8.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 0.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and AC-3 (Access Enforcement).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Enforces approved authorizations for access to system resources like dumpBitmapsProto in ActivityManagerService, directly preventing unauthorized apps from accessing private information due to missing permission checks.
Applies least privilege to restrict unprivileged apps from escalating via system services, ensuring functions like dumpBitmapsProto require necessary permissions.
Implements a reference monitor to mediate all accesses in Android system processes, mitigating flaws from omitted permission checks in ActivityManagerService.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Missing permission check in Android system service directly enables local privilege escalation via malicious app with no user interaction or prior privileges.
NVD Description
In dumpBitmapsProto of ActivityManagerService.java, there is a possible way for an app to access private information due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not…
more
needed for exploitation.
Deeper analysisAI
CVE-2026-0047 is a vulnerability in the dumpBitmapsProto function of ActivityManagerService.java within Android. It arises from a missing permission check that allows an app to access private information. This flaw could lead to local escalation of privilege, requiring no additional execution privileges and no user interaction for exploitation. The vulnerability is associated with CWE-280 and carries a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
A local attacker can exploit this vulnerability by running a malicious app on the device. The attack requires only local access with low complexity, no prior privileges (PR:N), and no user interaction (UI:N). Upon successful exploitation, the attacker achieves high impacts across confidentiality, integrity, and availability, enabling escalation of privileges on the system.
The Android security bulletin published on March 1, 2026, at https://source.android.com/docs/security/bulletin/2026/2026-03-01 provides further details on affected versions and mitigation through available patches.
Details
- CWE(s)