CVE-2026-0085 | In applySimpleFieldMaxSize of DataRowHandler.java, there is … | CVSS 5.5 MEDIUM

Description

In applySimpleFieldMaxSize of DataRowHandler.java, there is a possible way to insert a large contact name due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Metadata

CVE ID: CVE-2026-0085
State: PUBLISHED
Assigner: google_android
Reserved: 2025-10-15 15:42 UTC
Published: 2026-06-01 21:14 UTC
Last updated: 2026-06-01 23:18 UTC
Primary CWE: CWE-20
CWE-20 Improper Input Validation
Vendor / Product: Google / Android
Sources: cve.org · NVD

Severity & Metrics

5.5 MEDIUM CVSS 3.1

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
Google	Android	—	16-qpr2, 16, 15, 14

Weakness (CWE)

CWE	Source	Description
—	cna	Denial of service
CWE-20	adp	CWE-20 Improper Input Validation

CVSS scores (1)

Score	Severity	Version	Source	Vector
5.5	MEDIUM	3.1	adp	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References (1)

https://source.android.com/docs/security/bulletin/2026/2026-06-01