Google’s June 2026 security bulletin: 124 vulnerabilities fixed, including a high-severity framework flaw affecting Android 14, 15 & 16 devices
Google has officially released the Android Security Bulletin for June 2026, which patches 124 vulnerabilities, the most severe of which is a critical security vulnerability.
Android Security Bulletin: June 2026
The security patch level released on June 1 contains Framework, System and Google Play System Updates fixes, and the security patch delivered today contains Kernel, Imagination Technologies, MediaTek components, Unisoc components, and Qualcomm closed-source components upgrades.
The bulletin patches 124 vulnerabilities, including CVE-2025-48595, a high-severity framework flaw enabling privilege escalation with user interaction on Android 14, 15 & 16 devices. According to Google, this vulnerability may have already been exploited. The 2025-06-01 patch level includes multiple critical fixes:
Framework
- CVE-2025-65018
- CVE-2025-64720
System
- CVE-2026-0043
- CVE-2026-0097
- CVE-2026-21352
- CVE-2026-21353
- CVE-2026-64505
- CVE-2026-0039
- CVE-2026-0040
- CVE-2026-0041
- CVE-2026-0042
- CVE-2026-0044
- CVE-2026-0051
- CVE-2026-0052
- CVE-2026-0080
The 2025-06-05 patch level also includes critical fixes for Qualcomm closed-source components:
Qualcomm closed-source components
- CVE-2025-47392
- CVE-2026-25276
- CVE-2026-25277
The June 2026 fixes are available through security patch levels 2026-06-01 and 2026-06-05, with the latter incorporating all fixes from both patch levels. Users are advised to update immediately when the June 2026 patch becomes available.