CVE-2026-0072

In addInputMethodListener of com.android.server.inputmethod.InputMethodManagerService, there is a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0072

CVE-2026-0072 affects Android’s InputMethodManagerService (com.android.server.inputmethod.InputMethodManagerService). The issue is a missing permission check in addInputMethodListener, enabling local elevation of privilege with no additional execution privileges required and no user interaction n...

Google Pixel 输入验证错误漏洞

Google Pixel is a smartphone from Google, an American company. Google Pixel suffers from a security vulnerability that originates in setInputMethodWithSubtypeIdLocked in InputMethodManagerService.java, which may bypass notifications to hide preferences due to improper input validation, which coul...

CVE-2022-20394

In getInputMethodWindowVisibleHeight of InputMethodManagerService.java, there is a possible way to determine when another app is showing an IME due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is...