CVE-2026-0111
Published: 10 March 2026
Summary
CVE-2026-0111 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in Google Android. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The vulnerability ranks at the 46.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly requires timely identification, reporting, and correction of software flaws like the out-of-bounds write in ns_GetUserData, enabling patching as specified in the Android Security Bulletin.
Implements runtime memory protections such as address space randomization and non-executable memory to mitigate exploitation of out-of-bounds writes leading to privilege escalation.
Mandates validation of information inputs to the ns_GetUserData function, addressing the root cause of the incorrect bounds check vulnerability.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Remote unauthenticated exploitation leading to privilege escalation via out-of-bounds write directly enables T1068 (Exploitation for Privilege Escalation) and T1210 (Exploitation of Remote Services).
NVD Description
In ns_GetUserData of ns_SmscbUtilities.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Deeper analysis
CVE-2026-0111 is a critical-severity vulnerability involving an out-of-bounds write caused by an incorrect bounds check in the ns_GetUserData function within ns_SmscbUtilities.c. This issue affects Android devices, as indicated by its inclusion in Android security bulletins. Assigned CWE-787, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), highlighting its critical potential impact.
Remote attackers can exploit this vulnerability over the network without requiring user interaction or additional execution privileges. Successful exploitation enables escalation of privilege, potentially granting unauthorized access to sensitive data and system resources with high confidentiality, integrity, and availability impacts.
Mitigation details are provided in the Android Security Bulletin for March 2026 at https://source.android.com/docs/security/bulletin/2026/2026-03-01, along with Pixel-specific guidance at https://source.android.com/docs/security/bulletin/pixel/2026/2026-03-01. Security practitioners should apply the corresponding patches to affected Android versions promptly.
Details
- CWE(s)