Android Drag-and-Drop Interception Vulnerability in DisplayPolicy Allowing Privilege Escalation
Vulnerability
A vulnerability has been identified in the Android operating system, in the 'validateAddingWindowLw' function of 'DisplayPolicy.java'. A missing permission check makes it possible for applications to intercept drag-and-drop events. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Impact
Exploitation of this vulnerability could result in unauthorized privilege escalation, allowing an application to gain elevated rights or access beyond its intended permissions.
