What is CVE-2026-28576?

CVE-2026-28576 is a medium-severity vulnerability in Android, classified under SQL Injection. CVSS score: 5.5/10. Published 2026-06-17.

How severe is CVE-2026-28576?

Medium severity. CVSS v3 base score is 5.5 out of 10.

SQL Injection in Android

CVE-2026-28576

In Contacts Provider, there is a possible way to access the contacts database due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploita…

Vulnerability class: SQL Injection

CVSS v3 metric

CVSS v3 base score 5.5 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Affected products

Android — versions 17
Google Android — versions 17.0

Weakness classification (CWE)

CWE-89 — SQL Injection

References

security@android.com (vendor-advisory, Vendor Advisory)

Frequently asked questions

What is CVE-2026-28576?: CVE-2026-28576 is a medium-severity vulnerability in Android, classified under SQL Injection. CVSS score: 5.5/10. Published 2026-06-17.
How severe is CVE-2026-28576?: Medium severity. CVSS v3 base score is 5.5 out of 10.