CVE-2026-39866 | LawnchairLauncher lawnchair on Android release_update.yml command injection (GHSA-9prc-pp2c-3427)

A vulnerability, which was classified as critical, has been found in LawnchairLauncher lawnchair on Android. The impacted element is an unknown function of the file release_update.yml. This manipulation causes command injection.

This vulnerability is tracked as CVE-2026-39866. The attack is possible to be carried out remotely. No exploit exists.

To fix this issue, it is recommended to deploy a patch.VulDB Recent EntriesRead More