CVE-2025-26439
CVE-2025-26439 describes a logic error in getComponentName of AccessibilitySettingsUtils.java that can allow a malicious TalkBack service to be enabled in place of the system component. This enables local privilege escalation with no additional privileges or user interaction needed (AV:L/AC:L/PR:...