{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0126", "assignerOrgId": "83238938-5644-45f0-9007-c0392bcf6222", "state": "PUBLISHED", "assignerShortName": "Google_Devices", "dateReserved": "2025-10-23T08:43:26.415Z", "datePublished": "2026-06-16T18:51:00.108Z", "dateUpdated": "2026-06-17T03:56:23.340Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83238938-5644-45f0-9007-c0392bcf6222", "shortName": "Google_Devices", "dateUpdated": "2026-06-16T18:51:00.108Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "Remote code execution"}]}], "affected": [{"vendor": "Google", "product": "Android", "versions": [{"version": "Android kernel", "status": "affected"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "In WC-Radio, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation."}], "references": [{"url": "https://source.android.com/docs/security/bulletin/pixel/2026/2026-06-01"}], "x_generator": {"engine": "cvelib 1.7.1"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-16T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-0126"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-17T03:56:23.340Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In WC-Radio, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation."}], "id": "CVE-2026-0126", "lastModified": "2026-06-16T20:42:25.013", "metrics": {}, "published": "2026-06-16T20:16:23.547", "references": [{"source": "dsap-vuln-management@google.com", "url": "https://source.android.com/docs/security/bulletin/pixel/2026/2026-06-01"}], "sourceIdentifier": "dsap-vuln-management@google.com", "vulnStatus": "Awaiting Analysis"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "Android kernel"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Android", "source": "cna", "vendor": "Google"}, "product": "android", "vendor": "google"}], "created": "2026-06-16T20:30:03.608389+00:00", "title": "Out of Bounds Write in WC\u2011Radio Permits Remote Code Execution", "updated": "2026-06-17T18:15:10.538959+00:00", "vendors": ["google", "google$PRODUCT$android"], "weaknesses": ["CWE-119", "CWE-122"]}