Primary

Context

Android Credential Manager Service Information Disclosure Vulnerability

Vulnerability

Patched

A permissions bypass vulnerability has been identified in the Credential Manager Service, specifically in the 'updateProvidersWhenServiceRemoved' function. This vulnerability allows for the potential override of settings across different user accounts, leading to unauthorized access to local information. The issue does not require any additional execution privileges or user interaction for exploitation.

Impact

Exploitation of this vulnerability could result in unauthorized access to sensitive information across user accounts.

Remediation

Users can update their devices to the June 2026 security patch level to address this vulnerability.

Added: Jun 1, 2026, 10:56 PM

Updated: Jun 1, 2026, 10:56 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

3.3

remediation

0.0

relevance

9.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

3.3

remediation

0.0

relevance

9.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Android Credential Manager Service Information Disclosure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Android

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating