
CVE-2026-0136: Google Android Modem DOS Vulnerability

CVE-2026-0136 is a denial of service vulnerability in Google Android Modem caused by an out-of-bounds read. Remote attackers can trigger a denial of service without user interaction. This article covers technical details, impact, and mitigations.


CVE-2026-0136 Overview

CVE-2026-0136 is an out-of-bounds read vulnerability in the Android Modem component caused by a missing bounds check [CWE-120]. An attacker can trigger the flaw remotely over the network without user interaction. Successful exploitation results in a denial of service condition affecting modem availability. The vulnerability does not grant additional execution privileges or expose confidential data. Google addressed the issue in the June 2026 Android Security Bulletin.

Critical Impact

Remote attackers can disrupt Android Modem availability without user interaction, causing denial of service on affected devices.

Affected Products

  • Google Android (per the Android Security Bulletin June 2026)
  • Pixel devices running affected Android builds
  • Devices using the vulnerable Modem component referenced in the Pixel bulletin

Discovery Timeline

  • 2026-06-01 - Google publishes the Android Security Bulletin June 2026 addressing the issue
  • 2026-06-16 - CVE-2026-0136 published to the National Vulnerability Database
  • 2026-06-17 - Last updated in NVD database

Technical Details for CVE-2026-0136

Vulnerability Analysis

The vulnerability resides in the Android Modem component and is classified as an out-of-bounds read under [CWE-120]. The flaw allows an attacker reachable over the network to read memory outside the intended buffer boundaries. The read condition destabilizes modem processing logic and results in a denial of service. Confidentiality and integrity are not impacted, but availability of the modem subsystem is disrupted.

The Common Weakness Enumeration mapping to CWE-120 reflects a buffer copy operation without sufficient validation of input size. Attackers do not need to interact with the user or chain additional flaws to trigger the condition.

Root Cause

The root cause is a missing bounds check in the Modem component when processing attacker-influenced input. Without proper validation of length or index values, the component reads beyond an allocated buffer. The over-read corrupts internal state or accesses invalid memory, leading to a crash of the modem service.

Attack Vector

The attack vector is network-based. An attacker with low privileges sends crafted input to the Modem component to trigger the out-of-bounds read. User interaction is not required. The result is a denial of service against the affected device's modem functionality. No verified proof-of-concept exploit is publicly available, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog.

Refer to the Android Security Bulletin June 2026 for technical details from the vendor.

Detection Methods for CVE-2026-0136

Indicators of Compromise

  • Unexpected modem service crashes or restarts on Android devices
  • Loss of cellular connectivity correlated with network-delivered traffic to the device
  • Logcat entries referencing modem component faults or radio interface layer (RIL) failures

Detection Strategies

  • Monitor Android device logs for repeated modem subsystem crashes or kernel panics referencing the radio process
  • Correlate cellular service interruptions across managed device fleets to identify clustered failure patterns
  • Track the Android security patch level (ro.build.version.security_patch) across managed devices to identify devices missing the June 2026 patch

Monitoring Recommendations

  • Use enterprise mobility management (EMM) or mobile device management (MDM) tooling to enforce reporting of patch level and crash telemetry
  • Alert on devices reporting recurring radio or modem restart events
  • Maintain visibility into device patch compliance against the latest Android Security Bulletin

How to Mitigate CVE-2026-0136

Immediate Actions Required

  • Apply the June 2026 Android security patch to all affected devices as documented in the Android Security Bulletin June 2026
  • Inventory all Android devices and confirm patch level is 2026-06-01 or later
  • Prioritize patching for devices exposed to untrusted cellular or network environments

Patch Information

Google released the fix in the June 2026 Android Security Bulletin. Devices must be updated to a security patch level of 2026-06-01 or later. Pixel device users receive the update through Google's monthly patch cycle. Other Android vendors deliver the patch on their own release schedules, so administrators should validate vendor-specific update availability.

Workarounds

  • No vendor-supplied workaround is documented; patching is the primary remediation
  • Restrict device exposure to untrusted networks where feasible until the patch is applied
  • Enforce MDM policies that require timely installation of vendor security updates

```bash
# Verify Android security patch level on a connected device
adb shell getprop ro.build.version.security_patch
# Expected output for remediated devices: 2026-06-01 or later
```
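
The inventory and patch-tracking steps above, extended from one device to every device adb can see. This is an added example, not code from Google or from the original page; the function names (`classify_patch_level`, `audit_inventory`, `collect_from_adb`) are hypothetical and the sample inventory is constructed.

```shell
#!/bin/sh
# Added example: flag devices below the 2026-06-01 patch level cited above.
REQUIRED_PATCH="2026-06-01"

# Classify one ro.build.version.security_patch value.
# Prints one of: patched | missing-patch | unknown
classify_patch_level() {
    lv=$(printf '%s' "$1" | tr -d '[:space:]')      # drop CR/LF left by adb
    case "$lv" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9])
            # YYYY-MM-DD without hyphens compares correctly as an integer
            have=$(printf '%s' "$lv" | tr -d '-')
            need=$(printf '%s' "$REQUIRED_PATCH" | tr -d '-')
            if [ "$have" -lt "$need" ]; then echo missing-patch; else echo patched; fi ;;
        *)  echo unknown ;;                          # empty or malformed property
    esac
}

# Read "serial patch_level" lines on stdin; print only devices needing attention.
audit_inventory() {
    while read -r serial level || [ -n "$serial" ]; do
        [ -n "$serial" ] || continue
        status=$(classify_patch_level "$level")
        [ "$status" = patched ] || printf '%s %s %s\n' "$serial" "${level:-none}" "$status"
    done
    return 0
}

# Build the inventory from every authorised device adb can see.
collect_from_adb() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
    while read -r serial; do
        # </dev/null stops adb from consuming the rest of the serial list
        lvl=$(adb -s "$serial" shell getprop ro.build.version.security_patch </dev/null | tr -d '\r')
        printf '%s %s\n' "$serial" "$lvl"
    done
}

# Constructed sample inventory; for live devices run: collect_from_adb | audit_inventory
audit_inventory <<'EOF'
SERIAL-A 2026-06-05
SERIAL-B 2026-05-05
SERIAL-C
EOF
```

A device reported as `unknown` returned no parsable patch level and should be checked by hand rather than assumed patched.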

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
