A vulnerability identified as critical has been detected in Google Android . The affected element is the function lwis_io_buffer_write of the file lwis_io_buffer.c . This manipulation causes out-of-bounds write. This vulnerability appears as CVE-2026-0138 . The attack requires local access. There is no available exploit.