CVE-2026-0634 PUBLISHED

Code Execution in AssistFeedbackService on TECNO Pova7 Pro 5G

Assigner: TECNOMobile
Reserved: 06.01.2026 Published: 02.04.2026 Updated: 02.04.2026

Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G on Android allows local apps to execute arbitrary code as system via command injection.

Product Status

Vendor TECNO Mobile
Product TECNO Pova7 Pro 5G
Versions Default: unaffected
  • Version HiOS V15.1.0 is affected

References

Problem Types

  • CWE-88 Improper neutralization of argument delimiters in a command ('argument injection') CWE

Impacts

  • CAPEC-248 Command Injection