A vulnerability, which was classified as critical , has been found in Google Android 14/15/16/16-qpr2 . The affected element is the function addWindow of the file WindowManagerService.java . This manipulation causes improper restriction of rendered ui layers. The identification of this vulnerability is CVE-2026-28577 . It is possible to initiate the attack remotely. There is no exploit available.