Tags:

• 2026040600 (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold, Pixel 9a, Pixel 10, Pixel 10 Pro, Pixel 10 Pro XL, Pixel 10 Pro Fold, Pixel 10a, emulator, generic, other targets)

Changes since the 2026040300 release:

• full 2026-04-01 security patch level
• make temporary biometric lockouts into permanent lockouts and ensure only framework can clear lockout to make sure our 5 attempt limit is always properly enforced across devices with different implementations of biometric unlock instead of batches of 5 temporary lockouts followed by permanent lockout after 20 attempts
• Launcher: fix layout for search bar which is broken in upstream AOSP due to lack of a predictive service

All of the Android 16 security patches from the current May 2026, June 2026, July 2026, August 2026, September 2026 and October 2026 Android Security Bulletins are included in the 2026040601 security preview release. List of additional fixed CVEs:

• Critical: CVE-2026-0039, CVE-2026-0040, CVE-2026-0041, CVE-2026-0042, CVE-2026-0043, CVE-2026-0044, CVE-2026-0052, CVE-2026-0073, CVE-2026-0080, CVE-2026-0097, CVE-2026-21352, CVE-2026-21353
• High: CVE-2025-22424, CVE-2025-22426, CVE-2025-48600, CVE-2025-48612, CVE-2026-0016, CVE-2026-0036, CVE-2026-0048, CVE-2026-0050, CVE-2026-0053, CVE-2026-0054, CVE-2026-0055, CVE-2026-0056, CVE-2026-0059, CVE-2026-0060, CVE-2026-0061, CVE-2026-0062, CVE-2026-0063, CVE-2026-0065, CVE-2026-0067, CVE-2026-0070, CVE-2026-0074, CVE-2026-0075, CVE-2026-0076, CVE-2026-0077, CVE-2026-0078, CVE-2026-0079, CVE-2026-0084, CVE-2026-0085, CVE-2026-0086, CVE-2026-0087, CVE-2026-0088, CVE-2026-0089, CVE-2026-0091, CVE-2026-0093, CVE-2026-0094, CVE-2026-0095, CVE-2026-0096, CVE-2026-0098, CVE-2026-0099, CVE-2026-0100, CVE-2026-28572, CVE-2026-28580, CVE-2026-28581

For detailed information on security preview releases, see our post about it.