CVE-2016-6754

Name: CVE-2016-6754
Creator: NVD / NIST
Published: 2016-11-25T16:59:59.01+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 4.59%

Last modified Jun 17, 2026

CVE-2016-6754 is a vulnerability of currently unknown severity. A remote code execution vulnerability in Webview in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-05 could enable a remote attacker to execute arbitrary code when the user is navigating to a website. This issue is rated as High due to the possibility of remote code execution in an unprivileged process. EPSS estimates a 4.59% chance of exploitation in the next 30 days.

Description

A remote code execution vulnerability in Webview in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-05 could enable a remote attacker to execute arbitrary code when the user is navigating to a website. This issue is rated as High due to the possibility of remote code execution in an unprivileged process. Android ID: A-31217937.

Metrics

EPSS Probability

4.59%

90.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-74

Affected Software

Vendor	Product	Versions
Google	Android	<= 6.0.1
Google	Android	5.0
Google	Android	5.0.1
Google	Android	5.1
Google	Android	5.1.0
Google	Android	6.0

References

Timeline

Published: Nov 25, 2016
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2016-6754?

How severe is CVE-2016-6754?

Severity scoring for CVE-2016-6754 is pending analysis. The EPSS model estimates a 4.59% probability of exploitation in the next 30 days.

How do I fix CVE-2016-6754?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2016-6754?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST