Google has officially released the June 2026 Android Security Bulletin , and Xiaomi is expected to begin rolling out the June 2026 Android security patch to eligible Xiaomi, Redmi, and POCO devices this week. While Xiaomi’s OTA changelog may appear brief, the actual security content of this update is much more extensive.
The June 2026 patch includes important fixes for Android Framework, System, kernel, GPU, modem, and chipset components. It also addresses a vulnerability that, according to Google, may already be under limited and targeted exploitation.
Expected changes in Xiaomi’s OTA update
Xiaomi typically keeps its monthly security update changelogs very simple. Users can expect to see a changelog similar to this:
- Android security patch update to June 2026.
- Increased system security.
- Improvement of overall system stability.
However, this brief changelog doesn’t fully explain what’s changed under the hood. The June 2026 Android Security Bulletin contains several critical and high-severity fixes that are important for devices running HyperOS.
Key changes in the June 2026 security patch
- Critical vulnerabilities in the Android Framework have been fixed.
- Multiple vulnerabilities in Android system components have been fixed.
- Improved protection against remote and local privilege escalation risks.
- Fixed denial-of-service and information disclosure vulnerabilities.
- Added core-level security fixes.
- Added security patches from Qualcomm, MediaTek, Unisoc and GPU vendors.
- Improved overall security of the Android platform for compatible devices.
Fixes within the Android framework
One of the most important parts of the June 2026 security patch is the Android Framework section. Google states that the most serious vulnerability in this component could allow remote privilege escalation without requiring additional execute privileges. No user interaction is required for exploitation, making this issue particularly significant.
The Framework section includes fixes for the following notable vulnerabilities:
- CVE-2025-65018 – Critical privilege escalation vulnerability.
- CVE-2025-64720 – Critical Denial of Service Vulnerability.
- CVE-2025-48595 – High Severity Privilege Escalation Vulnerability.
Google also notes that CVE-2025-48595 may be under limited and targeted exploitation . This makes the June 2026 patch more important than a regular monthly security update.
Android system component fixes
The Android System component has also received a large number of security fixes. According to Google, the most serious vulnerability in this section could allow local privilege escalation without requiring additional execute privileges. No user interaction is necessary for exploitation.
Some of the critical system vulnerabilities addressed in this update are:
- CVE-2026-0043
- CVE-2026-0097
- CVE-2026-21352
- CVE-2026-21353
- CVE-2025-64505
- CVE-2026-0039
- CVE-2026-0040
- CVE-2026-0041
- CVE-2026-0042
- CVE-2026-0044
- CVE-2026-0051
- CVE-2026-0052
- CVE-2026-0080
These fixes improve protection against the risks of privilege escalation, denial of service, information disclosure, and remote code execution on Android-based devices.
2026-06-01 vs 2026-06-05 Patch level
El boletín de seguridad de Android de junio de 2026 se divide en dos niveles de parches de seguridad. Esto es importante porque no todos los dispositivos reciben siempre el mismo nivel de parche al mismo tiempo.
2026-06-01 Nivel de parche de seguridad
- Incluye correcciones de seguridad de Android Framework.
- Incluye correcciones de componentes del Sistema Android.
- Se centra en las principales vulnerabilidades de la plataforma Android.
- Se aplica a las versiones compatibles de Android 14, Android 15, Android 16 y Android 16 QPR2.
2026-06-05 Nivel del parche de seguridad
- Incluye todas las correcciones de seguridad 2026-06-01.
- Añade parches de seguridad del kernel de Android.
- Añade correcciones de componentes de Qualcomm.
- Añade correcciones de componentes de código cerrado de Qualcomm.
- Añade correcciones para el módem MediaTek, el precargador y geniezone.
- Añade correcciones de seguridad del módem Unisoc.
- Añade correcciones de seguridad de la GPU Imagination PowerVR.
Para los usuarios de Xiaomi, el nivel de parche 2026-06-05 es más importante porque incluye correcciones a nivel de proveedor para chipsets y componentes de hardware utilizados en muchos dispositivos Xiaomi, Redmi y POCO.
Correcciones de seguridad de proveedores
El parche completo de junio de 2026 también incluye varias actualizaciones de seguridad específicas de proveedores. Éstas son especialmente importantes para los dispositivos que utilizan las plataformas Qualcomm Snapdragon y MediaTek Dimensity.
- Kernel: Corregida una vulnerabilidad de alta gravedad en el subcomponente Red.
- GPU Imagination PowerVR: Corregidas varias vulnerabilidades de alta gravedad de la GPU.
- MediaTek: Corregidos los problemas de seguridad del módem, del precargador y de geniezone.
- Unisoc: Corregidas múltiples vulnerabilidades relacionadas con el módem.
- Qualcomm: Corregidas vulnerabilidades del componente Display.
- Componentes de código cerrado de Qualcomm: Corregidas varias vulnerabilidades críticas y de alta gravedad.
Por qué es importante esta actualización para los usuarios de Xiaomi
El parche de seguridad de junio de 2026 es importante para los usuarios de Xiaomi, Redmi y POCO porque no sólo incluye correcciones básicas del sistema Android. También parchea vulnerabilidades a nivel de chipset que pueden afectar al módem, la pantalla, la GPU y otros componentes de bajo nivel.
- Muchos dispositivos Xiaomi utilizan chipsets Qualcomm Snapdragon.
- Muchos modelos Redmi y POCO utilizan chipsets MediaTek Dimensity.
- Los parches de los proveedores pueden mejorar la protección más allá del propio sistema operativo Android.
- Puede que la actualización no añada nuevas funciones, pero mejora la base de seguridad de HyperOS.
Lanzamiento del parche de seguridad Xiaomi de junio de 2026
Xiaomi is expected to begin rolling out the June 2026 security patch this week. The initial rollout will likely target select flagship and mid-to-high-end models before expanding to more Xiaomi, Redmi, and POCO devices.
Deployment availability may depend on several factors:
- Device model
- Region
- HyperOS version
- Base version of Android
- Status of internal testing
- Regional and operator approval process
Some devices may receive the update first in China, while the Global, EEA, India, Turkey, Indonesia, Taiwan and other regional versions may arrive later.
Should you install this update?
Yes. Xiaomi, Redmi, and POCO users should install the June 2026 security patch as soon as it becomes available. This update may not bring any visible changes to the interface, but it includes important protection against critical Android Framework and System vulnerabilities.
- It improves protection against the risks of privilege escalation.
- Fixes critical Android Framework and System issues.
- It includes vendor-level security patches from Qualcomm and MediaTek.
- It addresses a vulnerability that may already be under limited, specific exploitation.
- It strengthens the overall security of HyperOS devices.
Conclusion
Xiaomi’s June 2026 security patch is expected to begin rolling out this week, bringing significant Android security improvements. While the official Xiaomi OTA changelog only mentions system security enhancements, the actual update includes critical Framework fixes, system patches, kernel updates, and vendor-level security improvements for Qualcomm, MediaTek, Unisoc, and GPU components.
This month’s patch is especially important because Google has warned that a vulnerability may already be under limited selective exploitation. Xiaomi, Redmi, and POCO users should install the update as soon as it becomes available for their device.
