Android Bluetooth SDP Heap Overflow Enables Remote Code Exec
CVE-2026-0059 Published on June 1, 2026

In multiple functions of sdp_discovery.cc, there is a possible way to achieve code execution due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Products Associated with CVE-2026-0059

Want to know whenever a new CVE is published for Google Android? stack.watch will email you.

Google Android

Affected Versions

Google Android:

Version 16-qpr2 is affected.
Version 16 is affected.
Version 15 is affected.
Version 14 is affected.

Exploit Probability

EPSS

0.11%

Percentile

1.74%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Android Bluetooth SDP Heap Overflow Enables Remote Code ExecCVE-2026-0059 Published on June 1, 2026

Vulnerability Analysis

Weakness Type

Heap-based Buffer Overflow

Products Associated with CVE-2026-0059

Affected Versions

Exploit Probability

Android Bluetooth SDP Heap Overflow Enables Remote Code Exec
CVE-2026-0059 Published on June 1, 2026