55 matches found
CVE-2026-45182
GrapheneOS before 2026050400 allows attackers to discover the real IP address of a VPN user as a consequence of a registerQuicConnectionClosePayload optimization, because an application can let systemserver transmit UDP traffic on its behalf. This occurs when the "Block connections without VPN" a...
EUVD-2026-28944
GrapheneOS before 2026050400 allows attackers to discover the real IP address of a VPN user as a consequence of a registerQuicConnectionClosePayload optimization, because an application can let systemserver transmit UDP traffic on its behalf. This occurs when the "Block connections without VPN" a...
CVE-2026-45182
GrapheneOS before 2026050400 allows attackers to discover the real IP address of a VPN user as a consequence of a registerQuicConnectionClosePayload optimization, because an application can let systemserver transmit UDP traffic on its behalf. This occurs when the "Block connections without VPN" a...
CVE-2026-45182
GrapheneOS before 2026050400 allows attackers to discover the real IP address of a VPN user as a consequence of a registerQuicConnectionClosePayload optimization, because an application can let systemserver transmit UDP traffic on its behalf. This occurs when the "Block connections without VPN" a...
CVE-2026-45182
Summary: CVE-2026-45182 affects GrapheneOS prior to 2026050400. A vulnerability arises from a registerQuicConnectionClosePayload optimization that lets a local attacker infer the real IP address of a VPN user when the device has both “Block connections without VPN” and “Always-on VPN” enabled, by...
CVE-2026-45182
GrapheneOS before 2026050400 allows attackers to discover the real IP address of a VPN user as a consequence of a registerQuicConnectionClosePayload optimization, because an application can let systemserver transmit UDP traffic on its behalf. This occurs when the "Block connections without VPN" a...
GrapheneOS 安全漏洞
GrapheneOS is a mobile operating system developed by GrapheneOS Inc. Prior versions of GrapheneOS, including 2026050400, contained security vulnerabilities. These vulnerabilities stemmed from the optimization of the registerQuicConnectionClosePayload function, which could allow attackers to...
PT-2026-39421
Name of the Vulnerable Software and Affected Versions GrapheneOS versions prior to 2026050400 Description An optimization in the registerQuicConnectionClosePayload function allows attackers to discover the real IP address of a VPN user. This occurs because an application can cause the system serv...
They Built a Legendary Privacy Tool. Now They’re Sworn Enemies
There’s a lot of love all over the world for GrapheneOS, the gold standard of mobile security. There’s very little love between the two guys at the center of its history...
PT-2026-4688
In loadDescription of DeviceAdminInfo.java, there is a possible persistent package due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2026-4683
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Improper input validation in multiple locations allows for the unauthorized revelation of images across different users. This issue can lead to local escalation ...
PT-2026-4701
Name of the Vulnerable Software and Affected Versions versions prior to 2026-0021 Description A cross-user permission bypass exists due to a confused deputy condition in the hasInteractAcrossUsersFullPermission function within the AppInfoBase.java file. This could allow for local escalation of...
PT-2026-4707
Name of the Vulnerable Software and Affected Versions ManagedServices affected versions not specified Description An issue exists in the setPackageOrComponentEnabled function of ManagedServices.java related to improper input validation. This can result in a notification policy desync, potentially...
PT-2026-4713
In multiple functions of ubsan throwing runtime.cpp, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2026-4702
Look at the security patch preview section of https://t.co/ySklSke3uy. These are from the upcoming patch levels: Critical: CVE-2026-0039, CVE-2026-0040, CVE-2026-0041, CVE-2026-0042, CVE-2026-0043, CVE-2026-0044 High: CVE-2025-22424, CVE-2025-22426, CVE-2025-32348, CVE-2025-48561, CVE-2025-48615,...
PT-2026-4705
Name of the Vulnerable Software and Affected Versions versions prior to 2026-0025 Description A permissions bypass exists in the hasImage function of Notification.java, potentially allowing information disclosure across users. This could lead to local escalation of privilege without requiring...
PT-2026-4687
In multiple locations, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2026-4704
In isRedactionNeededForOpenViaContentResolver of MediaProvider.java, there is a possible way to reveal the location of media due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
PT-2026-4696
In multiple locations of AppOpsService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2026-4692
In loadDataAndPostValue of multiple files, there is a possible way to obscure permission usage due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...