Home / Vulnerability Intelligence / CVE-2026-0047

CVE-2026-0047 - Vulnerability Analysis

HighCVSS: 8.4

Last Updated: March 3, 2026

Android ActivityManagerService - Broken Access Control

Published: March 2, 2026Updated: March 3, 2026

Overview

Android ActivityManagerService contains a broken access control caused by missing permission check in dumpBitmapsProto, letting local apps escalate privileges without additional execution rights, exploit requires no user interaction.

Severity & Score

Severity: High

CVSS Score: 8.4

EPSS Score: 0.6%(Probability of exploitation in next 30 days)

Impact

Local attacker can escalate privileges without needing extra execution permissions, potentially gaining unauthorized access.

Mitigation

Update to the latest available version with the permission check fix.

References

https://source.android.com/security/bulletin/2026-03-01

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 2, 2026

🟠 CVE-2026-0047 - High (8.4) In dumpBitmapsProto of ActivityManagerService.java, there is a possible way for an app to access private information due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-0047/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-0047
Severity: High
CVSS Score: 8.4
Type: broken_access_control
Status: confirmed
EPSS: 0.6%
Social Posts: 1

CWE

CWE-280

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.6%Probability of exploitation in the next 30 days