CVE Catalog

CVE-2026-28587

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.22%

13th percentile — higher than 13% of all known CVEs

Summary

In MmsSmsProvider of MmsSmsProvider.java, there is a possible way to retrieve sensitive information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

Risk Assessment

The organization may be exposed to the disclosure of confidential data, which could lead to privacy violations and potential legal consequences.

Recommendation

It is recommended to implement appropriate permission checks in MmsSmsProvider to prevent unauthorized access to sensitive information.

Original NVD description (English source)

In MmsSmsProvider of MmsSmsProvider.java, there is a possible way to retrieve sensitive information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS