CVE Catalog

CVE-2026-28576

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.39%

30th percentile — higher than 30% of all known CVEs

Summary

In Contacts Provider, there is a possible way to access the contacts database due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed.

Risk Assessment

The organization may be exposed to the disclosure of sensitive contact data, potentially leading to privacy violations.

Recommendation

It is recommended to update the software to the latest version to patch this vulnerability and to monitor access to the contacts database.

Original NVD description (English source)

In Contacts Provider, there is a possible way to access the contacts database due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS