CVE-2026-0114
Published: 10 March 2026
Description
In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Mitigating Controls (NIST 800-53 r5)AI
Directly addresses the CVE by requiring timely identification, reporting, and remediation of the out-of-bounds write flaw in the Android Modem component.
Mandates validation of information inputs to the Modem, preventing the out-of-bounds write caused by the incorrect bounds check on network data.
Implements memory safeguards such as non-executable regions and randomization to mitigate remote code execution from the Modem's out-of-bounds write vulnerability.
Security SummaryAI
CVE-2026-0114 is a vulnerability in the Modem component of Android systems, involving an out-of-bounds write due to an incorrect bounds check, classified under CWE-787. Published on 2026-03-10, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity. The issue affects Android devices, with specific details covered in general and Pixel-focused security bulletins.
Remote attackers can exploit this vulnerability over the network without authentication, privileges, or user interaction. Successful exploitation enables remote code execution, granting high-impact access to confidentiality, integrity, and availability on the targeted device.
Android security advisories at https://source.android.com/docs/security/bulletin/2026/2026-03-01 and https://source.android.com/docs/security/bulletin/pixel/2026/2026-03-01 provide details on patches and mitigation for affected versions.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CVE-2026-0114 enables unauthenticated remote code execution by exploiting an out-of-bounds write in the public-facing Android Modem component over the network.