Android ActivityRecord Logic Error Enabling BAL for Local Priv Esc
CVE-2026-0077 Published on June 1, 2026

In resumeConfigurationDispatch of ActivityRecord.java, there is a possible background application launch (bal) due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

NVD

Products Associated with CVE-2026-0077

Want to know whenever a new CVE is published for Google Android? stack.watch will email you.

Google Android

Affected Versions

Google Android Version 16-qpr2 is affected by CVE-2026-0077

Android ActivityRecord Logic Error Enabling BAL for Local Priv EscCVE-2026-0077 Published on June 1, 2026

Products Associated with CVE-2026-0077

Affected Versions

Android ActivityRecord Logic Error Enabling BAL for Local Priv Esc
CVE-2026-0077 Published on June 1, 2026