CVE-2026-0075
MEDIUMDescription
In multiple functions, there is a possible way to access the contacts database due to a SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Is your site exposed to CVE-2026-0075?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| android | |
| android | |
| android | |
| android | |
| android | |
| android |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2026-0075? +
How severe is CVE-2026-0075? +
What products are affected by CVE-2026-0075? +
How do I check if I'm vulnerable to CVE-2026-0075? +
Related Vulnerabilities
Unauthenticated user is able to execute arbitrary SQL commands in Sparx Pro Cloud Server database in certain cases.
ChurchCRM is an open-source church management system. Versions prior to 7.2.0 have SQL injection in FinancialService::getMemberByScanString() via unsanitized $routeAndAccount concatenated …
SQL injection vulnerability in Zeon Academy Pro by Zeon Global Tech. This vulnerability allows an attacker to retrieve, create, update, …
A SQL injection vulnerability has been identified in STER. Improper neutralization of input provided by user into multiple Search Filters …
Masa CMS is an open source content management system. In versions 7.5.2 and earlier, a SQL injection vulnerability exists in …
DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, chart quota and Y-axis filters embed attacker-controlled …