Android BLE Pairing Logic Error Allows Priv Escalation: CVE-2026-0097 June 2026

In multiple locations, there is a possible way to bypass user interaction when pairing an LE device due to a logic error. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. This weakness covers three distinct situations. A "missing" protection mechanism occurs when the application does not define any mechanism against a certain class of attack. An "insufficient" protection mechanism might provide some defenses - for example, against the most common attacks - but it does not protect against everything that is intended. Finally, an "ignored" mechanism occurs when a mechanism is available and in active use within the product, but the developer has not applied it in some code path.

Products Associated with CVE-2026-0097

Want to know whenever a new CVE is published for Google Android? stack.watch will email you.

Android BLE Pairing Logic Error Allows Priv Escalation
CVE-2026-0097 Published on June 1, 2026

Vulnerability Analysis

Weakness Type

Protection Mechanism Failure

Products Associated with CVE-2026-0097

Affected Versions

Android BLE Pairing Logic Error Allows Priv EscalationCVE-2026-0097 Published on June 1, 2026

Vulnerability Analysis

Weakness Type

Protection Mechanism Failure

Products Associated with CVE-2026-0097

Affected Versions

Android BLE Pairing Logic Error Allows Priv Escalation
CVE-2026-0097 Published on June 1, 2026