wid-sec-w-2026-0973 · Published 2026-04-06 · View on BSI CERT-Bund ↗

Google Android: Multiple Vulnerabilities

CVSS 6.2 MEDIUM

Risk Summary

In importWrappedKey of KMKeymasterApplet.java, there is a possible way access keys that should be restricted due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVEs (2)

CVE-2025-48651 CVE-2026-0049

Affected Vendors

Google

Affected Products (4)

Google · Android security patch level <2026-04-01

Google · Android security patch level 2026-04-01

Google · Android security patch level <2026-04-05

Google · Android security patch level 2026-04-05

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more