CVE-2026-0035 · In createRequest of MediaProvider.java, there is a possible way for an app to gain read/write access to non-existing files due to a logic er

01 · The Real Story

This is a valet ticket printed for a car that hasn't arrived yet

CVE-2026-0035 is an Android MediaProvider logic flaw in MediaProvider.java's createRequest path. Google says a local app can gain read/write access tied to non-existent file URIs, which can lead to elevation of privilege without extra permissions or user interaction. The March 2026 Android bulletin marks Android 14, 15, 16, and 16-qpr2 as affected, and the issue sits in the MediaProvider Mainline component rather than a network-facing service.

The vendor's HIGH 8.4 score is technically defensible in a lab because the bug needs no permissions and can affect confidentiality, integrity, and availability on the device. In real enterprise operations, though, the biggest friction is decisive: the attacker must already get a malicious app running locally on the handset. That makes this a post-delivery, on-device abuse primitive with low internet-scale reach, so it lands lower than the vendor baseline for patch-priority purposes.

"Serious on a compromised handset, but not a fleet-wide fire drill: this is a local app-to-data escalation, not a remote entry bug."

02 · The Attack Path

4 steps from start to impact.

STEP 01

Land code as an app on the device

The attacker needs a runnable Android app on the target device, typically via a sideloaded APK, a trojanized app store package, or an already-compromised device-management path. The practical weapon here is a custom APK delivered with normal Android install mechanics such as adb install or a third-party store; there is no remote network trigger in the advisory.

Conditions required:

Attacker can get an app installed or already running on the target Android device
Target runs an affected Android 14/15/16/16-qpr2 build or unpatched MediaProvider Mainline module

Where this breaks in practice:

Managed enterprise fleets often block sideloading
Google Play Protect, MTD/EDR for mobile, and app allowlisting cut the reachable population
This prerequisite already implies a prior compromise or successful malicious-app delivery stage

Detection/coverage: Vulnerability scanners cannot directly see this step from the network. Detection comes from EMM/MDM app inventory, Play Protect alerts, mobile threat defense telemetry, and sideloading audit events.

STEP 02

Abuse MediaStore.createWriteRequest() with invalid URIs

Per Google's patch, pre-fix createRequest failed to reject URIs that did not exist in the Files table. A purpose-built app can call the affected MediaStore request APIs against crafted non-existent content URIs and obtain a permission workflow object that should have been refused. The obvious offensive tooling is a custom PoC APK built straight from the public patch diff.

Conditions required:

Local app execution on the device
Access to Android framework APIs used by MediaStore/MediaProvider

Where this breaks in practice:

No public polished exploit toolkit was found in primary-source search
Android storage semantics and URI handling make reliability dependent on exact device/build behavior

Detection/coverage: Static code review or mobile app behavioral analytics can catch unusual MediaStore.create*Request() usage, but mainstream vuln scanners mostly just infer exposure from Android patch level.

STEP 03

Turn the bad grant into unauthorized file access

From the fix, the likely abuse pattern is that a request was being accepted for a file URI that should not have been grantable because the object did not exist at request time. Inference from the patch: an attacker can then pivot that stale or prematurely-approved request into read/write access once the target file exists or the URI resolves as intended, bypassing the expected validation gate.

Conditions required:

The malformed request is accepted on the vulnerable build
The attacker can line up a file/URI state that makes the bad grant useful

Where this breaks in practice:

Exploitability likely depends on precise URI timing or file-state control
Blast radius is constrained to MediaProvider-managed storage paths, not arbitrary kernel or baseband compromise

Detection/coverage: Low native coverage. Useful signals are abnormal content-provider access patterns, suspicious media/downloads tampering, and app behavior that requests write/delete permissions on unexpected URIs.

STEP 04

Impact user or work data on the handset

Once the attacker gets unauthorized read/write against the targeted media/storage objects, they can steal files, alter documents or media, or destroy content reachable through the provider. On enterprise phones, the practical concern is data exposure and tampering on a compromised handset, not a wormable path across the fleet.

Conditions required:

Successful unauthorized file grant
Valuable data present in affected storage scope

Where this breaks in practice:

Scoped storage, work-profile boundaries, and per-app sandboxing still limit what this bug can touch
There is no direct remote propagation mechanism

Detection/coverage: Post-exploitation detection is mostly behavioral: DLP alerts, anomalous file modifications, and mobile threat defense telemetry. No internet scanner will tell you this happened.

03 · Intelligence Metadata

The supporting signals.

In-the-wild status	No public exploitation evidence found in the Android March 2026 bulletin, and not listed in CISA KEV at time of assessment.
Public PoC availability	No public GitHub/PoC repo located in primary-source search. The public AOSP fix and diff are enough for a capable researcher to build one.
EPSS	`0.00003` (~`0.003%`) from the user-supplied intel: extremely low predicted near-term exploitation.
KEV status	Not KEV-listed as of this assessment; no CISA exploitation date to anchor emergency action.
CVSS vector reality check	`AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H` means local-only, no privileges, no user interaction. The `AV:L` term is the whole story: this is not remotely reachable.
Affected versions	Android bulletin lists 14, 15, 16, and 16-qpr2 as affected; NVD also enumerates Android 16 QPR2 beta builds in the CPE history.
Fixed versions / patch anchor	Google states security patch level `2026-03-05` or later addresses all March 2026 issues. Because this is a MediaProvider Mainline issue, vendors may deliver it through OS/security patching and/or Play system component updates.
Exposure / scanability	Not internet-scannable. Shodan/Censys/FOFA/GreyNoise are basically irrelevant here because there is no exposed network service to fingerprint or mass-scan.
Disclosure timeline	Android bulletin published 2026-03-02; NVD shows publication 2026-03-02 and NIST enrichment on 2026-03-03.
Researcher / reporting source	Public credit is not named. The bug is tracked as Android bug `A-418773439` and the fixing commit was authored inside Google's Android source workflow.

04 · The Call

noisgate verdict.

Final Verdict

↓ DOWNGRADED to MEDIUM (5.9/10)

The decisive downgrading factor is attacker position: this bug only matters after an adversary gets code running as an app on the device. That sharply narrows real-world reach compared with a remotely reachable flaw, even though the on-device impact can be serious.

HIGH Exploit preconditions require local app execution and are materially narrower than the vendor score suggests

MEDIUM Exact abuse mechanics and blast radius beyond the patch diff are partially inferred from the public fix

Why this verdict

Requires local code execution The attacker must already land a malicious app or equivalent code on the handset. In enterprise terms, that means this CVE is usually *post-delivery* rather than an initial-access event, which pushes severity down from the vendor baseline.
Reachable population is limited Only devices on affected Android 14/15/16 branches without the March 5, 2026 fix are in scope, and even then only if app-install controls, Play Protect, or mobile threat defense fail first.
No exploitation heat There is no KEV listing, no public in-the-wild note from Google for this CVE, no public PoC found, and the supplied EPSS is effectively floor-level.

Why not higher?

This is not remotely reachable, not wormable, and not useful without an app foothold on the device. The fleet-wide emergency cases are the bugs that give an outsider entry; this one mostly helps an attacker who is already on the phone.

Why not lower?

Once the app is present, exploitation appears low-complexity and does not need permissions or user interaction. The affected component is also broadly deployed across modern Android releases, so ignoring it would understate the risk to already-compromised devices.

05 · Compensating Control

What to do — in priority order.

Block sideloading — Use EMM/MDM policy to disable unknown-source installs and developer-install paths where business allows it. This directly attacks the key prerequisite for exploitation; for a MEDIUM verdict there is no mitigation SLA — go straight to the 365-day remediation window, but this is still the highest-value preventive control.
Enforce app allowlisting — Restrict installation to approved stores and approved package IDs, especially on COBO/COPE devices. This cuts off the most likely delivery path for a local exploit app; for MEDIUM, there is no mitigation SLA — go straight to the 365-day remediation window.
Turn on mobile threat defense — Enable Play Protect and, if you run it, your MTD agent's detections for suspicious content-provider abuse, unusual storage access, and sideload events. This will not patch the bug, but it raises the cost of operationalizing a malicious APK; for MEDIUM, there is no mitigation SLA — go straight to the 365-day remediation window.
Prioritize unpatched Android 14-16 inventory — Use EMM inventory to find devices below Android security patch level 2026-03-05 and queue them for normal patching. Because this is a Mainline component issue, also verify Play system update posture where your tooling exposes it; for MEDIUM, there is no mitigation SLA — go straight to the 365-day remediation window.

What doesn't work

A network firewall or WAF will not help; there is no remote service to block.
MFA does nothing here; the exploit path is local app execution, not account takeover.
Perimeter vulnerability scanning will miss this; exposure has to be inferred from mobile inventory and patch level, not IP-based scans.

06 · Verification

Crowdsourced verification payload.

Run this on the target Android device via adb shell from an auditor workstation, or push it through an EMM shell if your platform supports that. Example: adb shell 'sh -s' < check-cve-2026-0035.sh. It needs no root and checks the device security patch level against the Android bulletin's fix anchor of 2026-03-05.

noisgate-verify.sh

BASHREAD-ONLYSAFE

#!/system/bin/sh
# check-cve-2026-0035.sh
# Purpose: infer exposure to CVE-2026-0035 from Android security patch level.
# Exit codes: 0=PATCHED, 1=VULNERABLE, 2=UNKNOWN

TARGET_PATCH="2026-03-05"
TARGET_NUM="20260305"

get_prop() {
  /system/bin/getprop "$1" 2>/dev/null
}

SPL="$(get_prop ro.build.version.security_patch)"
RELEASE="$(get_prop ro.build.version.release)"
BUILD_ID="$(get_prop ro.build.id)"
FINGERPRINT="$(get_prop ro.build.fingerprint)"

if [ -z "$SPL" ]; then
  echo "UNKNOWN - security patch level not available"
  echo "release=${RELEASE:-unknown} build_id=${BUILD_ID:-unknown}"
  exit 2
fi

case "$SPL" in
  ????-??-??) ;;
  *)
    echo "UNKNOWN - unparsable security patch level: $SPL"
    echo "release=${RELEASE:-unknown} build_id=${BUILD_ID:-unknown}"
    exit 2
    ;;
esac

SPL_NUM="$(echo "$SPL" | tr -d '-')"

if [ "$SPL_NUM" -ge "$TARGET_NUM" ] 2>/dev/null; then
  echo "PATCHED - security patch level $SPL is >= $TARGET_PATCH"
  echo "release=${RELEASE:-unknown} build_id=${BUILD_ID:-unknown}"
  exit 0
fi

echo "VULNERABLE - security patch level $SPL is < $TARGET_PATCH"
echo "release=${RELEASE:-unknown} build_id=${BUILD_ID:-unknown}"
if [ -n "$FINGERPRINT" ]; then
  echo "fingerprint=$FINGERPRINT"
fi
exit 1

07 · Bottom Line

If you remember one thing.

TL;DR

Monday morning: pull your Android inventory, isolate devices on Android 14/15/16 with a security patch level earlier than 2026-03-05, and validate whether your fleet allows sideloading or unapproved app installs. Because this is a MEDIUM reassessment and there is noisgate mitigation SLA for MEDIUM findings, there is no mitigation SLA — go straight to the 365-day remediation window unless your environment has a known malicious-app problem; then tighten install controls immediately. For the actual fix, drive all affected devices to the vendor update containing the 2026-03-05 patch level or later within the noisgate remediation SLA of ≤365 days.

Sources

Peer Review

What defenders are saying.

Submit a review attribution: handle + country only

0 flags selected · stored anonymously

Validation Results

Crowdsourced verification outputs.

Results submitted by users who ran the verification payload against their environment.