A vulnerability was found in Google Android 16-qpr2 . It has been declared as critical . This affects an unknown function of the file PackageInstallerService.java . Executing a manipulation can lead to permission issues. This vulnerability is registered as CVE-2026-0089 . The attack needs to be launched locally. No exploit is available.