Protect.Computer
NEWS

Critical Zero-Interaction Vulnerability (CVE-2026-0049) Patched in Android 14, 15, and 16

· 1 min read
Critical Zero-Interaction Vulnerability (CVE-2026-0049) Patched in Android 14, 15, and 16

Google has released patches for a critical zero-interaction security vulnerability (CVE-2026-0049) affecting Android 14, 15, and 16 devices. The flaw, detailed in the April 2026 Android Security Bulletin, is considered one of the most severe issues addressed this month.

What Happened

The vulnerability, tracked as CVE-2026-0049, allows for a local denial of service (DoS) without requiring any additional execution privileges or user interaction. Zero-interaction (or zero-click) vulnerabilities are highly prized by threat actors because they do not rely on tricking the victim into clicking a malicious link or opening a compromised file.

While the primary documented impact is denial of service, security experts warn that vulnerabilities of this nature in core OS components often serve as stepping stones for more complex exploit chains, potentially leading to remote code execution (RCE) or complete device compromise when combined with other flaws.

The patch was included as part of the broader April 2026 Android Security Bulletin, which addressed numerous vulnerabilities across the Android framework, system components, and vendor-specific closed-source components.

How to check if you’re affected

To determine if your device is vulnerable and to secure it against this flaw, follow these steps:

  1. Check your Android version: Go to Settings > About phone > Android version. If you are running Android 14, 15, or 16, your device may be affected.
  2. Check your Android security update level: In the same Android version menu, look at the “Android security update” date. If the date is April 5, 2026, or later, your device has received the patch for CVE-2026-0049.
  3. Update your device: If your security update level is older than April 5, 2026, go to Settings > System > Software update (or similar, depending on your manufacturer) and check for available updates. Install any pending updates immediately.

Please note that availability of updates depends on your device manufacturer and mobile carrier. Pixel devices typically receive updates first, while other manufacturers may take longer to test and deploy patches.

Sources

Related reading

News
Google reports 90 zero-days exploited in 2025, with enterprise systems heavily targeted

Google tracked 90 in-the-wild zero-days in 2025, with nearly half hitting enterprise products like edge appliances and network infrastructure.

News
CISA Adds Cisco Catalyst SD-WAN Flaws to Known Exploited List

CISA has added eight new vulnerabilities to its KEV catalog, including three critical flaws actively exploited in Cisco Catalyst SD-WAN Manager.

News
BRIDGE:BREAK Flaws Expose 20,000 Serial-to-IP Converters

Researchers identify 22 new vulnerabilities in Lantronix and Silex serial-to-IP converters, putting nearly 20,000 devices at risk globally.

News
Recently Leaked Windows Zero-Days 'BlueHammer', 'RedSun', 'UnDefend' Actively Exploited

Threat actors are actively exploiting three recently leaked Windows zero-day vulnerabilities affecting Microsoft Defender.