CVE-2026-0080 Overview
CVE-2026-0080 is an integer overflow vulnerability [CWE-190] in multiple functions of ubsan_throwing_runtime.cpp within Google Android. The flaw allows an attacker to trigger a crash, resulting in remote denial of service. Exploitation requires no additional execution privileges and no user interaction. Google addressed the issue in the Android Security Bulletin June 2026.
Critical Impact
Remote attackers can crash affected Android components without user interaction, causing service disruption on devices running Android 14, 15, and 16 (including QPR2 beta releases).
Affected Products
- Google Android 14.0
- Google Android 15.0
- Google Android 16.0 (including qpr2_beta_1, qpr2_beta_2, qpr2_beta_3)
Discovery Timeline
- 2026-06-01 - Google publishes fix in Android Security Bulletin
- 2026-06-01 - CVE-2026-0080 published to NVD
- 2026-06-03 - Last updated in NVD database
Technical Details for CVE-2026-0080
Vulnerability Analysis
The vulnerability resides in ubsan_throwing_runtime.cpp, a runtime component associated with UndefinedBehaviorSanitizer (UBSan) error handling. Multiple functions within this file perform arithmetic operations that can wrap when supplied with attacker-controlled values. The resulting integer overflow leads to inconsistent program state and a process crash.
Because the affected code path is reachable remotely and requires only low privileges, an attacker can repeatedly induce crashes to deny service. The vulnerability does not allow code execution or data disclosure, but the availability impact on affected devices is high.
Root Cause
The root cause is improper validation of arithmetic operands within UBSan runtime handlers [CWE-190]. When input values exceed the bounds expected by signed or unsigned integer operations, the overflow produces a value that subsequent logic treats as valid. This leads to an abort condition within the runtime, terminating the affected process.
Attack Vector
The attack vector is network-based with low attack complexity. An attacker with low privileges can deliver crafted input that reaches the vulnerable runtime functions. No user interaction is required, and the scope of impact is limited to availability of the targeted process or service. Public proof-of-concept code is not currently available, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog.
The vulnerability mechanism is described in the Android Security Bulletin June 2026. No verified exploit code has been published.
Detection Methods for CVE-2026-0080
Indicators of Compromise
- Unexpected process crashes or abort signals originating from components linked against the UBSan runtime
- Repeated SIGABRT entries in Android logcat referencing ubsan_throwing_runtime
- Sudden spikes in tombstone files under /data/tombstones/ on affected Android devices
Detection Strategies
- Monitor Android system logs for recurring crashes tied to UBSan runtime symbols
- Correlate crash events with inbound network activity to identify remote triggers
- Track device telemetry for abnormal application restart patterns following untrusted input processing
Monitoring Recommendations
- Enable centralized collection of Android crash reports and tombstones in your mobile device management (MDM) platform
- Alert when the crash frequency on an enrolled device exceeds a threshold within a short time window
- Review patch-level reporting from devices to confirm coverage of the June 2026 security patch level
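The crash-frequency alerting described above can be prototyped as follows. This is an added example, not code from Google or from the bulletin: the log line shape, the correlation of lines by PID, the threshold of 3 crashes in 5 minutes, and every sample line are constructed assumptions.

```python
import re
from collections import deque
from datetime import datetime, timedelta

MARKER = "ubsan_throwing_runtime"  # string named in the indicators above
# Assumed line shape: "YYYY-MM-DD HH:MM:SS.mmm PID TID LEVEL TAG: message"
LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3})\s+(\d+)\s+\d+\s+\w\s+[^:]+:\s(.*)$")

def crash_events(lines):
    """One timestamp per PID whose lines show both SIGABRT and the marker."""
    abort_ts, marked = {}, set()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # separators and lines in other formats are skipped
        ts, pid, msg = m.groups()
        if "SIGABRT" in msg:
            abort_ts.setdefault(pid, datetime.strptime(ts, "%Y-%m-%d %H:%M:%S.%f"))
        if MARKER in msg:
            marked.add(pid)
    return sorted(t for pid, t in abort_ts.items() if pid in marked)

def bursts(events, threshold=3, window=timedelta(minutes=5)):
    """Return (first, last, count) each time `threshold` crashes fall inside `window`."""
    recent, alerts = deque(), []
    for t in events:
        recent.append(t)
        while t - recent[0] > window:
            recent.popleft()  # drop crashes that fell out of the window
        if len(recent) >= threshold:
            alerts.append((recent[0], t, len(recent)))
            recent.clear()  # start counting again after alerting
    return alerts

def _crash(ts, pid, marker=True):
    # Builds constructed log lines; real devices may word these differently.
    lines = [f"{ts}  {pid}  {pid} F libc    : Fatal signal 6 (SIGABRT) in tid {pid}"]
    if marker:
        lines.append(f"{ts}  {pid}  {pid} F DEBUG   : abort raised in {MARKER}.cpp")
    return lines

# Constructed events: (timestamp, pid, mentions marker)
_EVENTS = [("2026-06-02 10:00:01.120", 4101, True), ("2026-06-02 10:00:40.500", 4177, True),
           ("2026-06-02 10:00:55.000", 5000, False), ("2026-06-02 10:01:15.250", 4230, True),
           ("2026-06-02 10:01:58.900", 4302, True), ("2026-06-02 11:30:00.000", 6001, True)]
SAMPLE = ["--------- beginning of crash"] + [l for e in _EVENTS for l in _crash(*e)]

if __name__ == "__main__":
    for first, last, count in bursts(crash_events(SAMPLE)):
        print(f"ALERT: {count} {MARKER} aborts between {first} and {last}")
```

Tune the threshold and window to the normal crash rate of your fleet before wiring this into alerting.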
How to Mitigate CVE-2026-0080
Immediate Actions Required
- Apply the Android security patch level dated 2026-06-01 or later on all managed devices
- Inventory devices running Android 14, 15, or 16 and prioritize those without the June 2026 patch
- Restrict exposure of vulnerable services to untrusted networks where feasible until patches are deployed
Patch Information
Google released the fix in the Android Security Bulletin June 2026. Device manufacturers (OEMs) distribute the patch through their own update channels. Confirm the security patch level on each device reads 2026-06-01 or later under Settings > About phone > Android version.
Workarounds
- No vendor-supplied workaround is documented; patching is the supported remediation
- Limit network reachability of affected device services using firewall or network segmentation controls
- Enforce MDM policies that block installation of untrusted applications which could deliver crafted input
# Verify Android security patch level via adb
adb shell getprop ro.build.version.security_patch
# Expected output for remediated devices: 2026-06-01 or later