CVE-2025-48646 PUBLISHED

Assigner: google_android
Reserved: 22.05.2025 Published: 02.03.2026 Updated: 06.03.2026

In executeRequest of ActivityStarter.java, there is a possible launch anywhere due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Product Status

Vendor	Google
Product	Android
Versions	Default: unaffected Version 16-qpr2 is affected Version 16 is affected Version 15 is affected Version 14 is affected

References

https://source.android.com/docs/security/bulletin/2026/2026-03-01

Problem Types

Elevation of privilege