Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
10.0
CVE-2026-0072: Android InputMethodManagerService Local Privilege Escalation
CVE-2026-0072
Summary
An attacker with local access can gain elevated privileges on an Android device without needing to interact with it. This affects Android devices using the InputMethodManagerService. To protect your device, ensure you have the latest security patches installed and follow Android's recommended security guidelines.
Original title
In addInputMethodListener of com.android.server.inputmethod.InputMethodManagerService, there is a missing permission check. This could lead to local escalation of privilege with no additional execu...
Original description
In addInputMethodListener of com.android.server.inputmethod.InputMethodManagerService, there is a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd CVSS4.0
10.0
Vulnerability type
CWE-285
Improper Authorization
Published: 1 Jun 2026 · Updated: 1 Jun 2026 · First seen: 1 Jun 2026