Android DocumentsUI Confused Deputy Vulnerability Allowing Privilege Escalation

Vulnerability

A vulnerability has been identified in the PickActivity.java file of the Android DocumentsUI application. This issue arises from a confused deputy problem, which creates a potential avenue for starting any activity as a DocumentsUI app. Exploiting this vulnerability could lead to local privilege escalation, with no additional execution privileges required. Notably, user interaction is not necessary for exploitation.

Impact

Exploitation of this vulnerability could result in unauthorized access to elevated privileges within the affected application or system.

Added: Mar 2, 2026, 7:34 PM

Updated: Mar 2, 2026, 10:30 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

3.3

remediation

0.0

relevance

3.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

3.3

remediation

0.0

relevance

3.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Android DocumentsUI Confused Deputy Vulnerability Allowing Privilege Escalation

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating