Primary

Context

Android XR Input Method Manager Service Privilege Escalation Vulnerability

Vulnerability

Patched

A vulnerability has been identified in the Input Method Manager Service of Android XR, specifically in the addInputMethodListener function. This vulnerability arises from a missing permission check, which could allow unauthorized access to input text without the necessary permissions. The issue could lead to local privilege escalation, and can be exploited without any additional execution privileges or user interaction.

Impact

Exploitation of this vulnerability could result in unauthorized access to input text, potentially allowing for local privilege escalation.

Remediation

To address this vulnerability, users should update their devices to the June 2026 security patch level or later. Instructions for checking and installing security updates can be found on the Google device update schedule page.

Added: Jun 1, 2026, 7:46 PM

Updated: Jun 1, 2026, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

3.3

remediation

0.0

relevance

9.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

3.3

remediation

0.0

relevance

9.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Android XR Input Method Manager Service Privilege Escalation Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Android

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating