External risk intelligence

Telecomm Permissions Bypass Enables Unauthorized Calls

CVE advisorySeverity: CRITICAL (CVSS 10.0)

CVE-2026-28615

A permissions bypass in telecommunication functions allows unauthorized phone calls and local privilege escalation without user interaction, posing a risk if reachable or relevant within the environment. The exact telecommunication functions impacted are not specified, leading to uncertainty regarding the scope and bus

Halo Surface Signal

Very unlikely · external exposure

1Halo Surface Signal

The vulnerability involves a permissions bypass within local telecommunications functions on a device. Such functionality is typically restricted to the local device environment and is not designed to be reachable or exposed to the public internet.

Horizon Alert

Summary of the vulnerability and why it matters

This CVE describes a permissions bypass in telecommunications technology that could allow unauthorized phone calls and local privilege escalation without user interaction. The main concern is confirming relevance and exposure.

  • Bypass allows unauthorized calls, escalating privileges.
  • Remember: local privilege escalation without user action.
  • Confirm relevance and exposure for leadership.

Attack Path

How an attacker could exploit the issue

An attacker could initiate an unauthorized phone call by exploiting a permissions bypass in the device's telecommunications functions. This could allow them to escalate privileges on the device without needing further execution rights. The vulnerability can be triggered without any user interaction.

  • Requires no prior access or privileges.
  • Triggered via a permissions bypass.
  • Leads to privilege escalation.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability could allow an unauthorized phone call to be initiated without user interaction by bypassing permissions, potentially leading to a local privilege escalation. The specific telecommunications functions affected are not detailed, but a permissions bypass could expose sensitive calling data or service configurations.

  • Sensitive calling data or configurations.
  • Bypassing local permissions.
  • Local privilege escalation.

Operational Fix

Recommended remediation, mitigation, and detection steps

This vulnerability affects local telecommunication functions, suggesting that device owners or the platform team managing the operating system's core services are likely responsible. The initial step is to confirm the presence of this vulnerable functionality on devices, assess its criticality, and identify the system owner for remediation planning.

  • Identify responsible platform or device owners.
  • Verify affected device reachability and business impact.
  • Plan coordinated updates or risk mitigation.

Supplementary metadata

PCI scan relevance

Yes

CVE-2026-28615 — Halo PCI Relevance: Yes. Under typical PCI ASV external scan criteria, this issue may be flagged for scan prioritization.

This vulnerability allows an unauthorized phone call due to a permissions bypass, which could lead to privilege escalation. This type of vulnerability is likely to cause an ASV scan failure.

Scan-prioritization guidance only—not a PCI DSS certification or ASV attestation.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Free EASM Trial See How Signal Works

Frequently asked questions

What is the Telecomm component affected by CVE-2026-28615?

Telecomm is a core system service responsible for managing telephone calls and related communication functions on mobile devices. It acts as the intermediary between the dialer application and the underlying hardware, handling call states and permissions. This CVE specifically concerns the logic that governs authorization for these telephony operations, which is built into the operating system's telephony stack.

What does this vulnerability mean in plain English?

This is a permissions bypass, technically classified as CWE-862 (Missing Authorization). It means the system fails to properly verify if an operation is allowed before executing it. Because of this oversight in the Telecomm service, an unauthorized entity can trigger actions—such as initiating a phone call—that they should not have the permission to perform, effectively tricking the device into granting them elevated control.

How is this vulnerability triggered?

The vulnerability is triggered by interacting with the Telecomm service to initiate a call without the necessary authorization. Crucially, the flaw does not require the device user to click anything, approve a prompt, or even be aware of the action. It is important to note that this is not triggered by standard user activities like browsing the web; it requires specific, targeted interaction with the system's telephony application programming interface.

Why does Halo Surface Signal label this as unlikely to be reached?

Halo Surface Signal assesses this as very unlikely because the affected Telecomm functions are fundamentally designed for the local device environment. These services generally operate in a protected space on the handset and are not intended to be exposed to, or reachable from, the public internet. Accessing these internal telephony controls typically requires existing proximity or specific access to the device's internal software stack.

What should I do if I manage devices with this vulnerability?

Your first step is to confirm whether your specific devices or platforms utilize the affected Telecomm service architecture. Since this involves core system permissions, individual users cannot patch it; you must identify the device manufacturer or platform owners responsible for your operating system updates. Once identified, prioritize these devices for official security updates or vendor-provided patches when they become available.

References

Sources and related resources

Primary sources: NVD, CVE.org.

NVDPublished