Home / Vulnerability Intelligence / CVE-2026-0007

CVE-2026-0007 - Vulnerability Analysis

HighCVSS: 8.6

Last Updated: March 3, 2026

WindowInfo - Clickjacking

Published: March 2, 2026Updated: March 3, 2026

Overview

WindowInfo.cpp contains a tapjacking vulnerability caused by overlay attacks in writeToParcel, letting local attackers escalate privileges without additional execution rights, exploit requires no user interaction.

Severity & Score

Severity: High

CVSS Score: 8.6

EPSS Score: 0.6%(Probability of exploitation in next 30 days)

Impact

Local attackers can escalate privileges without needing additional execution rights or user interaction.

Mitigation

Update to the latest version containing the fix.

References

https://source.android.com/security/bulletin/2026-03-01

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 3, 2026

🟠 CVE-2026-0007 - High (8.6) In writeToParcel of WindowInfo.cpp, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User inter... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0007/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-0007
Severity: High
CVSS Score: 8.6
Type: clickjacking
Status: modified
EPSS: 0.6%
Social Posts: 1

CWE

CWE-1021

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS Score

0.6%Probability of exploitation in the next 30 days