Effective in 2026, to align with our trunk stable development model and ensure platform stability for the ecosystem, we will publish source code to AOSP in Q2 and Q4. For building and contributing to AOSP, we recommend utilizing android-latest-release instead of aosp-main. The android-latest-release manifest branch will always reference the most recent release pushed to AOSP. For more information, see Changes to AOSP.

Android XR Bulletin—February 2026

Published January 5, 2026 XR is releasing a set of patches as part of our Android Security Bulletin Monthly Release process. Review the Security bulletin FAQ article for more details about the security updates and instructions to validate the integrity of the supplied patches.

The XR Security Bulletin contains details of security vulnerabilities affecting the XR platform. The full XR update consists of the security patch levels of 2026-02-05 or later from the February 2026 Android Security Bulletin in addition to the issues in this bulletin.

For device-specific issues, where necessary, partners should contact the vendor to get an applicable patch.

Announcements

No XR CVE's to disclose.
In addition to the security vulnerabilities described here, we recommend that you also review the February 2026 Android Security Bulletin for the latest patches for the Android platform.
For security reasons, all associated files for the security bulletin are hosted on Google Drive. Please contact your Technical Account Manager if you have any access issues.
All Android Security Bulletin 2026-02-05 security patches are required for SPL compliance

Security patch level

If you address all issues associated with the 2026-02-01 partial security patch level, you should set the value to: [ro.build.version.security_patch]:[2026-02-01].

Partners must make the change to set the security patch level themselves.

Downloads

Download the bulletin machine readable data from this Drive folder.

Versions

Version	Date	Notes
1.0	January 5, 2026	Bulletin Published