Android NFC UAF in Nfc::eventCallback (CVE-2026-0083)
CVE-2026-0083 Published on June 17, 2026

In Nfc::eventCallback() of Nfc.h, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendor Advisory NVD

Weakness Type

What is a Race Condition Vulnerability?

The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

CVE-2026-0083 has been classified to as a Race Condition vulnerability or weakness.

Products Associated with CVE-2026-0083

Want to know whenever a new CVE is published for Google Android? stack.watch will email you.

Google Android

Affected Versions

Google Android Version 17 is affected by CVE-2026-0083

Android NFC UAF in Nfc::eventCallback (CVE-2026-0083)CVE-2026-0083 Published on June 17, 2026

Weakness Type

What is a Race Condition Vulnerability?

Products Associated with CVE-2026-0083

Affected Versions

Android NFC UAF in Nfc::eventCallback (CVE-2026-0083)
CVE-2026-0083 Published on June 17, 2026