CVE Catalog

CVE-2026-0057

LowCVSS 3.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.13%

3th percentile — higher than 3% of all known CVEs

Summary

In Contacts Provider, there is a possible way to access an incoming call's phone number and associated metadata due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Risk Assessment

The organization may be exposed to the disclosure of sensitive user information, potentially leading to privacy violations.

Recommendation

It is recommended to implement appropriate permission checks in the Contacts Provider to prevent unauthorized access to data.

Original NVD description (English source)

In Contacts Provider, there is a possible way to access an incoming call's phone number and associated metadata due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS