CVE-2026-0064 | In multiple places, there is a possible persistent denial of… | CVSS 10.0 CRITICAL

Description

In multiple places, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Metadata

CVE ID: CVE-2026-0064
State: PUBLISHED
Assigner: google_android
Reserved: 2025-10-15 15:40 UTC
Published: 2026-06-17 06:59 UTC
Last updated: 2026-06-17 14:01 UTC
Primary CWE: CWE-400
CWE-400 Uncontrolled Resource Consumption
Vendor / Product: Google / Android
Sources: cve.org · NVD

Severity & Metrics

10.0 CRITICAL CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
Google	Android	—	17

Weakness (CWE)

CWE	Source	Description
—	cna	Denial of service
CWE-400	adp	CWE-400 Uncontrolled Resource Consumption

CVSS scores (1)

Score	Severity	Version	Source	Vector
10.0	CRITICAL	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

References (1)

https://source.android.com/docs/security/bulletin/android-17