GrapheneOS releases
grapheneos.org
Official releases of GrapheneOS, a security and privacy focused mobile OS with Android app compatibility.

Tags:

  • 2026050600 (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold, Pixel 9a, Pixel 10, Pixel 10 Pro, Pixel 10 Pro XL, Pixel 10 Pro Fold, Pixel 10a, emulator, generic, other targets)

Changes since the 2026050400 release:

  • update Pixel firmware, driver libraries, HALs and other components backported from Android 16 QPR3 from the initial March 2026 release to the May 2026 release (CP1A.260505.005.A1)
  • Contact Scopes: add missing handling for QUERY_DEFAULT_ACCOUNT_FOR_NEW_CONTACTS_METHOD was added in Android 16
  • backport fix for stuck IME input from May 2026 Pixel update
  • bionic: avoid adding an extra guard page below the main thread’s pthread_internal_t since it serves no purpose (the stack is in a dedicated mapping from the kernel so the stack guard is immediately below pthread_internal_t) and it causes a crash for incorrect anti-tampering code shared across many banking apps which reads /proc/self/maps to find the main thread’s thread-local data including pthread_internal_t based on mapping name and then tries to access the internal libc data stored in an entirely internal libc format without checking if there’s a guard page (these anti-tampering checks serve no valid security purpose, cause these apps to break on major Android releases and hinder OS security hardening due to compatibility issues with their incorrect code)
  • bionic: remove unnecessary extra naming for mappings to avoid 2 extra system calls for creating a thread
  • adevtool: fix update-carrier-settings command

All of the Android 16 security patches from the current June 2026, July 2026, August 2026, September 2026, October 2026 and November 2026 Android Security Bulletins are included in the 2026050601 security preview release. List of additional fixed CVEs:

  • Critical: CVE-2026-0039, CVE-2026-0040, CVE-2026-0041, CVE-2026-0042, CVE-2026-0043, CVE-2026-0044, CVE-2026-0051, CVE-2026-0052, CVE-2026-0080, CVE-2026-0097, CVE-2026-21352, CVE-2026-21353, CVE-2026-27280, CVE-2026-28590, CVE-2026-28591
  • High: CVE-2025-22424, CVE-2025-22426, CVE-2025-48600, CVE-2025-48612, CVE-2026-0008, CVE-2026-0016, CVE-2026-0036, CVE-2026-0048, CVE-2026-0050, CVE-2026-0053, CVE-2026-0054, CVE-2026-0055, CVE-2026-0056, CVE-2026-0059, CVE-2026-0060, CVE-2026-0061, CVE-2026-0062, CVE-2026-0063, CVE-2026-0065, CVE-2026-0067, CVE-2026-0070, CVE-2026-0074, CVE-2026-0075, CVE-2026-0076, CVE-2026-0077, CVE-2026-0078, CVE-2026-0079, CVE-2026-0084, CVE-2026-0085, CVE-2026-0086, CVE-2026-0087, CVE-2026-0088, CVE-2026-0089, CVE-2026-0091, CVE-2026-0093, CVE-2026-0094, CVE-2026-0095, CVE-2026-0096, CVE-2026-0098, CVE-2026-0099, CVE-2026-0100, CVE-2026-28572, CVE-2026-28574, CVE-2026-28577, CVE-2026-28578, CVE-2026-28580, CVE-2026-28581, CVE-2026-28582, CVE-2026-28583, CVE-2026-28585, CVE-2026-28586, CVE-2026-28588, CVE-2026-28594, CVE-2026-28596, CVE-2026-28602

For detailed information on security preview releases, see our post about it.