Home / Vulnerability Intelligence / CVE-2026-0123

CVE-2026-0123 - Vulnerability Analysis

HighCVSS: 8.4

Last Updated: March 11, 2026

EfwApTransport - Privilege Escalation

Published: March 10, 2026Updated: March 11, 2026

Overview

EfwApTransport contains an out of bounds write caused by missing bounds check in ProcessRxRing function, letting local attackers escalate privileges without additional execution rights, exploit requires no user interaction.

Severity & Score

Severity: High

CVSS Score: 8.4

Impact

Local attackers can escalate privileges, potentially gaining unauthorized access or control over the system.

Mitigation

Update to the latest version containing the fix.

References

https://source.android.com/security/bulletin/pixel/2026-03-01
https://source.android.com/docs/security/bulletin/2026/2026-03-01

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-0123
Severity: High
CVSS Score: 8.4
Type: out_of_bounds_rw
Status: confirmed

CWE

CWE-787

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H