SQL Injection Allows Access to Sensitive Files in Other Apps

Summary

A vulnerability in multiple apps allows attackers to access sensitive files they shouldn't be able to see, potentially leading to unauthorized access to important information. This can happen without the attacker needing to interact with the app or gain any new privileges. To protect your business, update the affected apps as soon as possible.

What to do

Update google platform/packages/providers/mediaprovider to version 16-qpr2-next:2026-03-01.
Update google platform/packages/providers/mediaprovider to version 15:2026-03-01.
Update google platform/packages/providers/mediaprovider to version 16:2026-03-01.
Update google platform/packages/providers/mediaprovider to version 14:2026-03-01.

Affected software

Vendor	Product	Affected versions	Fix available
google	android	13.0	–
google	android	14.0	–
google	android	15.0	–
google	android	16.0	–
google	platform/packages/providers/mediaprovider	> 16-qpr2-next:0 , <= 16-qpr2-next:2026-03-01	16-qpr2-next:2026-03-01
google	platform/packages/providers/mediaprovider	> 15:0 , <= 15:2026-03-01	15:2026-03-01
google	platform/packages/providers/mediaprovider	> 16:0 , <= 16:2026-03-01	16:2026-03-01
google	platform/packages/providers/mediaprovider	> 14:0 , <= 14:2026-03-01	14:2026-03-01

Original title

In multiple locations, there is a possible way to read files belonging to other apps due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges n...

Original description

In multiple locations, there is a possible way to read files belonging to other apps due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

nvd CVSS3.1 7.8

Vulnerability type

CWE-89 SQL Injection