Cyber Resilience

CVE-2026-0109

High

Published: 10 March 2026

Modified: 11 March 2026
KEV Added
Patch
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0020 (42.2nd percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-0109 is a high-severity Improper Check for Unusual or Exceptional Conditions (CWE-754) vulnerability in Google Android. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). By exploit likelihood it ranks at the 42.2nd percentile (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-11 (Error Handling).

Deeper analysis

CVE-2026-0109 is a vulnerability in the dhd_tcpdata_info_get function of dhd_ip.c, where a precondition check failure can lead to a denial of service. This issue affects the Android platform, as documented in the Android Security Bulletin and the Pixel-specific bulletin for March 2026.

The vulnerability allows a remote attacker to trigger a denial of service without requiring additional execution privileges or user interaction. The CVSS v3.1 base score is 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H): the attack is network-based and low in complexity, with high availability impact but no confidentiality or integrity effects. It is associated with CWE-754 (Improper Check for Unusual or Exceptional Conditions).

Mitigation details are provided in the Android Security Bulletin at https://source.android.com/docs/security/bulletin/2026/2026-03-01 and the Pixel bulletin at https://source.android.com/docs/security/bulletin/pixel/2026/2026-03-01, which include patches for affected Android versions and devices. Security practitioners should apply these updates promptly to vulnerable systems.

Vulnerability details

In dhd_tcpdata_info_get of dhd_ip.c, there is a possible Denial of Service due to a precondition check failure. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

CWE(s)

CWE-754: Improper Check for Unusual or Exceptional Conditions

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1499.004 Application or System Exploitation (Tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

A remotely exploitable precondition check failure directly enables application or system DoS through vulnerability exploitation (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-40675 (same product: Google Android)
CVE-2024-56192 (same product: Google Android)
CVE-2026-0122 (same product: Google Android)
CVE-2026-0045 (same product: Google Android)
CVE-2025-48602 (same product: Google Android)
CVE-2026-0124 (same product: Google Android)
CVE-2025-0075 (same product: Google Android)
CVE-2026-0078 (same product: Google Android)
CVE-2024-49738 (same product: Google Android)
CVE-2024-40651 (same product: Google Android)

Affected Assets

google android: all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent: Directly remediates the precondition check failure in dhd_tcpdata_info_get by applying vendor patches from the Android Security Bulletin.

prevent: Protects against remote denial-of-service attacks triggered by the precondition check failure with no privileges required.

prevent: Ensures proper error and exception handling for unusual conditions like precondition failures to avoid denial-of-service crashes.

References