Home / Vulnerability Intelligence / CVE-2026-0034

CVE-2026-0034 - Vulnerability Analysis

HighCVSS: 8.4

Last Updated: March 3, 2026

ManagedServices - Privilege Escalation

Published: March 2, 2026Updated: March 3, 2026

Overview

ManagedServices.java contains a local privilege escalation caused by improper input validation in setPackageOrComponentEnabled, letting local attackers escalate privileges without additional execution rights, exploit requires no user interaction.

Severity & Score

Severity: High

CVSS Score: 8.4

EPSS Score: 0.8%(Probability of exploitation in next 30 days)

Impact

Local attackers can escalate privileges without needing additional execution rights, potentially gaining unauthorized access.

Mitigation

Update to the latest version containing the fix.

References

https://source.android.com/security/bulletin/2026-03-01

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 2, 2026

🟠 CVE-2026-0034 - High (8.4) In setPackageOrComponentEnabled of ManagedServices.java, there is a possible notification policy desync due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interac... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0034/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-0034
Severity: High
CVSS Score: 8.4
Type: broken_access_control
Status: confirmed
EPSS: 0.8%
Social Posts: 1

CWE

CWE-20

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.8%Probability of exploitation in the next 30 days