CVE-2026-0109
Published: 10 March 2026
Summary
CVE-2026-0109 is a high-severity Improper Check for Unusual or Exceptional Conditions (CWE-754) vulnerability in Google Android. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 40.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Requires detection and response to audit logging failures as an unusual or exceptional condition.
Implements detection of unusual or exceptional conditions followed by safe mode entry, reducing the window for exploitation of unchecked conditions.
Training ensures users perform required checks for unusual or exceptional conditions as part of contingency roles, limiting attacker leverage from skipped validations.
IR testing directly validates checks for unusual or exceptional conditions that could indicate security incidents.
Requires ongoing monitoring of organization-defined metrics and analysis, enabling checks for unusual or exceptional conditions.
Security testing routinely checks for unusual or exceptional inputs/conditions, identifying missing validation steps that flaw remediation then resolves.
Requires detection of unusual conditions followed by a controlled transition to the defined failure state.
MTTF determination forces explicit checks for conditions that precede predictable component failure.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote network-exploitable precondition check failure directly enables application/system DoS via vulnerability exploitation (T1499.004).
NVD Description
In dhd_tcpdata_info_get of dhd_ip.c, there is a possible Denial of Service due to a precondition check failure. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Deeper analysisAI
CVE-2026-0109 is a vulnerability in the dhd_tcpdata_info_get function of dhd_ip.c, where a precondition check failure can lead to a denial of service. This issue affects the Android platform, as documented in the Android Security Bulletin and the Pixel-specific bulletin for March 2026.
The vulnerability allows a remote attacker to trigger a denial of service without requiring additional execution privileges or user interaction. Exploitation is straightforward given the CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), enabling network-based attacks with low complexity that result in high availability impact but no confidentiality or integrity effects. It is associated with CWE-754 (Improper Check for Unusual or Exceptional Conditions).
Mitigation details are provided in the Android Security Bulletin at https://source.android.com/docs/security/bulletin/2026/2026-03-01 and the Pixel bulletin at https://source.android.com/docs/security/bulletin/pixel/2026/2026-03-01, which include patches for affected Android versions and devices. Security practitioners should apply these updates promptly to vulnerable systems.
Details
- CWE(s)