Vulnerability in Tecno Mobile Pova7 Pro 5g

CVE-2026-0634

Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G on Android allows local apps to execute arbitrary code as system via command injection.

EPSS: 0.001 (19.5th percentile) — read the EPSS interpretation.

Affected products

Tecno Mobile Pova7 Pro 5g — versions HiOS V15.1.0

Weakness classification (CWE)

CWE-88 — Argument Injection

References

security.tecno.com/SRC/securityUpdates