CVE-2026-0634

Summary

Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G on Android allows local apps to execute arbitrary code as system via command injection.

Affected Software

VendorProductVersion RangeStatus
TECNO MobileTECNO Pova7 Pro 5GHiOS V15.1.0affected

Weaknesses

  • CWE-88: CWE-88 Improper neutralization of argument delimiters in a command ('argument injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References