Technical description
The Android Framework contains an integer overflow vulnerability (CWE-190) that allows local privilege escalation through code execution. CISA added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog on June 2, 2026, confirming active in-the-wild exploitation. This is relevant to AI deployments where Android devices run on-device LLM inference (Samsung Galaxy AI, Google Gemini Nano, MediaTek-based AI assistants), AI-driven mobile security tools, or enterprise mobile endpoints with AI agent applications.
Attack vector
An integer overflow in the Android Framework allows local code execution and privilege escalation. Devices running vulnerable Android Framework versions are affected.
Affected systems
Android devices with vulnerable Framework versions. The June 2026 Android Security Bulletin contains the fix. On-device AI inference platforms (Gemini Nano, Samsung Galaxy AI, third-party LLM apps) on unpatched Android devices are exposed.
Mitigation
Apply the June 2026 Android Security Bulletin patches from Google or your device OEM. Federal agencies must remediate by June 5, 2026, per BOD 22-01. Enterprise mobile device management (MDM) teams should push patches immediately and verify compliance for devices running AI agent applications.
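One way to run the compliance verification described above over an MDM inventory export, as an added example that is not part of the original advisory. It flags devices below the required security patch level, treats missing or malformed values as unpatched, and lists devices running AI agent applications first. The CSV layout, package names and the 2026-06-01 patch level string are assumptions (confirm the level in the bulletin); on a device the value is reported in the ro.build.version.security_patch property.

```python
import csv
import io
from datetime import date

# Assumption: the bulletin's patch level string; confirm it against the
# June 2026 Android Security Bulletin before relying on this threshold.
REQUIRED_PATCH_LEVEL = date(2026, 6, 1)

# Constructed sample MDM export. Column and package names are hypothetical.
SAMPLE_INVENTORY = """device_id,security_patch,packages
dev-001,2026-06-01,com.example.mail
dev-002,2026-05-05,com.example.aiagent;com.example.mail
dev-003,2026-04-01,com.example.notes
dev-004,,com.example.aiagent
dev-005,2026-06-05,com.example.aiagent
dev-006,unknown,com.example.mail
"""

# Hypothetical package list marking devices that run AI agent applications.
AI_AGENT_PACKAGES = {"com.example.aiagent"}


def parse_patch_level(value):
    """Return a date for a YYYY-MM-DD patch level, or None if unusable."""
    try:
        return date.fromisoformat(value.strip())
    except ValueError:
        return None


def audit(inventory_csv, required=REQUIRED_PATCH_LEVEL):
    """Return non-compliant devices: AI agent devices first, then oldest patch."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        level = parse_patch_level(row["security_patch"] or "")
        if level is not None and level >= required:
            continue
        # Missing or malformed patch levels fail closed: treat as unpatched.
        runs_ai = bool(AI_AGENT_PACKAGES & set(row["packages"].split(";")))
        findings.append({"device_id": row["device_id"], "runs_ai_agent": runs_ai,
                         "patch_level": level.isoformat() if level else "UNVERIFIED"})
    findings.sort(key=lambda f: (not f["runs_ai_agent"], f["patch_level"]))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_INVENTORY):
        print(finding)
```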