CVE-2026-0120

{"id": "CVE-2026-0120", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2026-03-10T21:16:45.480", "references": [{"url": "https://source.android.com/docs/security/bulletin/2026/2026-03-01", "tags": ["Vendor Advisory"], "source": "dsap-vuln-management@google.com"}, {"url": "https://source.android.com/docs/security/bulletin/pixel/2026/2026-03-01", "tags": ["Vendor Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "In modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation."}, {"lang": "es", "value": "En el m\u00f3dem, existe una posible escritura fuera de l\u00edmites debido a una comprobaci\u00f3n de l\u00edmites incorrecta. Esto podr\u00eda llevar a ejecuci\u00f3n remota de c\u00f3digo sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se necesita interacci\u00f3n del usuario para su explotaci\u00f3n."}], "lastModified": "2026-03-11T16:47:39.150", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}], "operator": "OR"}]}], "sourceIdentifier": "dsap-vuln-management@google.com"}