Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.2
Android Contact Name Exposed in Certain Notification Settings
CVE-2026-0012
ASB-A-392614656
Summary
A bug in the Android notification system can reveal contact names without requiring any user interaction or special access. This could potentially expose sensitive information on a device. Android users should keep their software up to date to prevent this issue.
What to do
- Update google platform/frameworks/base to version 16-qpr2-next:2026-03-01.
- Update google platform/frameworks/base to version 15:2026-03-01.
- Update google platform/frameworks/base to version 16:2026-03-01.
- Update google platform/frameworks/base to version 14:2026-03-01.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| android | 14.0 | – | |
| android | 15.0 | – | |
| android | 16.0 | – | |
| platform/frameworks/base | > 16-qpr2-next:0 , <= 16-qpr2-next:2026-03-01 | 16-qpr2-next:2026-03-01 | |
| platform/frameworks/base | > 15:0 , <= 15:2026-03-01 | 15:2026-03-01 | |
| platform/frameworks/base | > 16:0 , <= 16:2026-03-01 | 16:2026-03-01 | |
| platform/frameworks/base | > 14:0 , <= 14:2026-03-01 | 14:2026-03-01 |
Original title
In setHideSensitive of ExpandableNotificationRow.java, there is a possible contact name leak due due to a logic error in the code. This could lead to local information disclosure with no additional...
Original description
In setHideSensitive of ExpandableNotificationRow.java, there is a possible contact name leak due due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd CVSS3.1
6.2
Vulnerability type
CWE-284
Improper Access Control
CWE-693
Protection Mechanism Failure
Published: 1 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026