Home / Vulnerability Intelligence / CVE-2026-0020

CVE-2026-0020 - Vulnerability Analysis

HighCVSS: 8.4

Last Updated: March 3, 2026

ParsedPermissionUtils - Broken Access Control

Published: March 2, 2026Updated: March 3, 2026

Overview

ParsedPermissionUtils contains a permissions bypass caused by improper handling in parsePermissionGroup, letting local attackers escalate privileges without user interaction or additional execution privileges.

Severity & Score

Severity: High

CVSS Score: 8.4

EPSS Score: 0.6%(Probability of exploitation in next 30 days)

Impact

Local attackers can escalate privileges without user interaction or extra execution rights, potentially gaining unauthorized access.

Mitigation

Update to the latest version containing the fix.

References

https://source.android.com/security/bulletin/2026-03-01

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 2, 2026

🟠 CVE-2026-0020 - High (8.4) In parsePermissionGroup of ParsedPermissionUtils.java, there is a possible way to bypass a consent dialog to obtain permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges n... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0020/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-0020
Severity: High
CVSS Score: 8.4
Type: broken_access_control
Status: confirmed
EPSS: 0.6%
Social Posts: 1

CWE

CWE-639

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.6%Probability of exploitation in the next 30 days