CVE-2026-28587
MEDIUM
google
android
NVD
CVSS Score
5.5
Severity
MEDIUM
Published
Jun 17, 2026
Vendor
google
Description
In MmsSmsProvider of MmsSmsProvider.java, there is a possible way to retrieve sensitive information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.