Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.2
Android Keyguard App Bypass Allows Limited Interaction with Other Apps
CVE-2026-0005
Summary
A bug in Android's Keyguard app allows a malicious app to interact with other apps without the correct lock screen PIN or password. This could potentially lead to sensitive information being accessed. Update your Android system to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| android | 14.0 | – | |
| android | 15.0 | – | |
| android | 16.0 | – |
Original title
In onServiceDisconnected of KeyguardServiceDelegate.java, there is a possible partial bypass of app pinning allowing limited interaction with other apps without knowing the LSKF due to a missing pe...
Original description
In onServiceDisconnected of KeyguardServiceDelegate.java, there is a possible partial bypass of app pinning allowing limited interaction with other apps without knowing the LSKF due to a missing permission check. This could lead to local information disclosure where the extent of interaction and impact is app-dependent with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd CVSS3.1
6.2
Vulnerability type
CWE-200
Information Exposure
Published: 2 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026