{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0055", "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "state": "PUBLISHED", "assignerShortName": "google_android", "dateReserved": "2025-10-15T15:40:29.016Z", "datePublished": "2026-06-01T21:14:52.825Z", "dateUpdated": "2026-06-01T21:14:52.825Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android", "dateUpdated": "2026-06-01T21:14:52.825Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "Elevation of privilege"}]}], "affected": [{"vendor": "Google", "product": "Android", "versions": [{"version": "16-qpr2", "status": "affected"}, {"version": "16", "status": "affected"}, {"version": "15", "status": "affected"}, {"version": "14", "status": "affected"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller (DPC) into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."}], "references": [{"url": "https://source.android.com/docs/security/bulletin/2026/2026-06-01"}], "x_generator": {"engine": "cvelib 1.7.1"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller (DPC) into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."}], "id": "CVE-2026-0055", "lastModified": "2026-06-01T22:16:20.783", "metrics": {}, "published": "2026-06-01T22:16:20.783", "references": [{"source": "security@android.com", "url": "https://source.android.com/docs/security/bulletin/2026/2026-06-01"}], "sourceIdentifier": "security@android.com", "vulnStatus": "Received"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "16-qpr2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "16"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "15"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "14"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Android", "source": "cna", "vendor": "Google"}, "product": "android", "vendor": "google"}], "created": "2026-06-01T22:45:25.382137+00:00", "title": "Local Privilege Escalation via Path Traversal in Android PackageInstallerService", "updated": "2026-06-01T23:00:16.717748+00:00", "vendors": ["google", "google$PRODUCT$android"], "weaknesses": ["CWE-23"]}