Search criteria

553 vulnerabilities

CVE-2026-21038 (GCVE-0-2026-21038)

Vulnerability from cvelistv5 – Published: 2026-06-05 10:15 – Updated: 2026-06-05 19:07
VLAI?
Summary
Improper input validation in Samsung Android USB Driver for Windows prior to version 1.9.5.0 allows local attacker to access out-of-bounds memory.
CWE
  • CWE-20 - Improper Input Validation
Assigner
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21038",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-05T19:06:51.090792Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-05T19:07:05.482Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Samsung Android USB Driver for Windows",
          "vendor": "Samsung Mobile",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.9.5.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper input validation in Samsung Android USB Driver for Windows prior to version 1.9.5.0 allows local attacker to access out-of-bounds memory."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-20: Improper Input Validation",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-05T10:15:45.639Z",
        "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "shortName": "SamsungMobile"
      },
      "references": [
        {
          "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2026\u0026month=06"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
    "assignerShortName": "SamsungMobile",
    "cveId": "CVE-2026-21038",
    "datePublished": "2026-06-05T10:15:45.639Z",
    "dateReserved": "2025-12-11T01:33:35.806Z",
    "dateUpdated": "2026-06-05T19:07:05.482Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21037 (GCVE-0-2026-21037)

Vulnerability from cvelistv5 – Published: 2026-06-05 10:15 – Updated: 2026-06-05 19:09
VLAI?
Summary
Improper input validation in Samsung Members prior to version 5.8.01.5 allows local attackers to access arbitrary URL and launch arbitrary activity with Samsung Members privilege.
CWE
  • CWE-20 - Improper Input Validation
Assigner
Impacted products
Vendor Product Version
Samsung Mobile Samsung Members Unaffected: 5.8.01.5 , < * (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21037",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-05T19:08:50.434987Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-05T19:09:05.745Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Samsung Members",
          "vendor": "Samsung Mobile",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "5.8.01.5",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper input validation in Samsung Members prior to version 5.8.01.5 allows local attackers to access arbitrary URL and launch arbitrary activity with Samsung Members privilege."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-20: Improper Input Validation",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-05T10:15:44.525Z",
        "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "shortName": "SamsungMobile"
      },
      "references": [
        {
          "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2026\u0026month=06"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
    "assignerShortName": "SamsungMobile",
    "cveId": "CVE-2026-21037",
    "datePublished": "2026-06-05T10:15:44.525Z",
    "dateReserved": "2025-12-11T01:33:35.806Z",
    "dateUpdated": "2026-06-05T19:09:05.745Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21036 (GCVE-0-2026-21036)

Vulnerability from cvelistv5 – Published: 2026-06-05 10:15 – Updated: 2026-06-05 19:09
VLAI?
Summary
Improper authorization in Samsung Internet prior to version 30.0.0.39 allows local attackers to access sensitive information.
CWE
Assigner
Impacted products
Vendor Product Version
Samsung Mobile Samsung Internet Unaffected: 30.0.0.39 , < * (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21036",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-05T19:09:30.830717Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-05T19:09:43.802Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Samsung Internet",
          "vendor": "Samsung Mobile",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "30.0.0.39",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper authorization in Samsung Internet prior to version 30.0.0.39 allows local attackers to access sensitive information."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-285: Improper Authorization",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-05T10:15:43.393Z",
        "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "shortName": "SamsungMobile"
      },
      "references": [
        {
          "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2026\u0026month=06"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
    "assignerShortName": "SamsungMobile",
    "cveId": "CVE-2026-21036",
    "datePublished": "2026-06-05T10:15:43.393Z",
    "dateReserved": "2025-12-11T01:33:35.806Z",
    "dateUpdated": "2026-06-05T19:09:43.802Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21035 (GCVE-0-2026-21035)

Vulnerability from cvelistv5 – Published: 2026-06-05 10:15 – Updated: 2026-06-05 19:10
VLAI?
Summary
Improper input validation in Samsung Plus TV prior to version 1.0.28.6 allows remote attackers to access sensitive information.
CWE
  • CWE-20 - Improper Input Validation
Assigner
Impacted products
Vendor Product Version
Samsung Mobile Samsung Plus TV Unaffected: 1.0.28.6 , < * (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21035",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-05T19:10:07.638631Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-05T19:10:21.789Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Samsung Plus TV",
          "vendor": "Samsung Mobile",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.0.28.6",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper input validation in Samsung Plus TV prior to version 1.0.28.6 allows remote attackers to access sensitive information."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "PASSIVE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-20: Improper Input Validation",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-05T10:15:42.245Z",
        "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "shortName": "SamsungMobile"
      },
      "references": [
        {
          "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2026\u0026month=06"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
    "assignerShortName": "SamsungMobile",
    "cveId": "CVE-2026-21035",
    "datePublished": "2026-06-05T10:15:42.245Z",
    "dateReserved": "2025-12-11T01:33:35.806Z",
    "dateUpdated": "2026-06-05T19:10:21.789Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21034 (GCVE-0-2026-21034)

Vulnerability from cvelistv5 – Published: 2026-06-05 10:15 – Updated: 2026-06-05 19:11
VLAI?
Summary
Improper export of android application components in Samsung Auto prior to version 3.1.2.61 in Android 15 and 3.2.0.38 in Android 16 allows local attacker to change audio configuration.
CWE
  • CWE-926 - Improper Export of Android Application Components
Assigner
Impacted products
Vendor Product Version
Samsung Mobile Samsung Auto Unaffected: 3.1.2.61 in Android 15 and 3.2.0.38 in Android 16 , < * (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21034",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-05T19:10:51.306671Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-05T19:11:07.395Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Samsung Auto",
          "vendor": "Samsung Mobile",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "3.1.2.61 in Android 15 and 3.2.0.38 in Android 16",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper export of android application components in Samsung Auto prior to version 3.1.2.61 in Android 15 and 3.2.0.38 in Android 16 allows local attacker to change audio configuration."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-926: Improper Export of Android Application Components",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-05T10:15:41.140Z",
        "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "shortName": "SamsungMobile"
      },
      "references": [
        {
          "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2026\u0026month=06"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
    "assignerShortName": "SamsungMobile",
    "cveId": "CVE-2026-21034",
    "datePublished": "2026-06-05T10:15:41.140Z",
    "dateReserved": "2025-12-11T01:33:35.806Z",
    "dateUpdated": "2026-06-05T19:11:07.395Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21033 (GCVE-0-2026-21033)

Vulnerability from cvelistv5 – Published: 2026-06-05 10:15 – Updated: 2026-06-05 19:11
VLAI?
Summary
Improper export of android application components in ExpressHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script.
CWE
  • CWE-926 - Improper Export of Android Application Components
Assigner
Impacted products
Vendor Product Version
Samsung Mobile Samsung Assistant Unaffected: 9.3.14 , < * (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21033",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-05T19:11:32.615472Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-05T19:11:52.301Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Samsung Assistant",
          "vendor": "Samsung Mobile",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "9.3.14",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper export of android application components in ExpressHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-926: Improper Export of Android Application Components",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-05T10:15:40.015Z",
        "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "shortName": "SamsungMobile"
      },
      "references": [
        {
          "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2026\u0026month=06"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
    "assignerShortName": "SamsungMobile",
    "cveId": "CVE-2026-21033",
    "datePublished": "2026-06-05T10:15:40.015Z",
    "dateReserved": "2025-12-11T01:33:35.806Z",
    "dateUpdated": "2026-06-05T19:11:52.301Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21032 (GCVE-0-2026-21032)

Vulnerability from cvelistv5 – Published: 2026-06-05 10:15 – Updated: 2026-06-05 19:13
VLAI?
Summary
Improper export of android application components in SmartHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script.
CWE
  • CWE-926 - Improper Export of Android Application Components
Assigner
Impacted products
Vendor Product Version
Samsung Mobile Samsung Assistant Unaffected: 9.3.14 , < * (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21032",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-05T19:13:08.278194Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-05T19:13:20.666Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Samsung Assistant",
          "vendor": "Samsung Mobile",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "9.3.14",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper export of android application components in SmartHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-926: Improper Export of Android Application Components",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-05T10:15:38.908Z",
        "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "shortName": "SamsungMobile"
      },
      "references": [
        {
          "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2026\u0026month=06"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
    "assignerShortName": "SamsungMobile",
    "cveId": "CVE-2026-21032",
    "datePublished": "2026-06-05T10:15:38.908Z",
    "dateReserved": "2025-12-11T01:33:35.805Z",
    "dateUpdated": "2026-06-05T19:13:20.666Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21031 (GCVE-0-2026-21031)

Vulnerability from cvelistv5 – Published: 2026-06-05 10:15 – Updated: 2026-06-05 19:13
VLAI?
Summary
Improper authorization in AppBlock prior to SMR Jun-2026 Release 1 allows local attacker to launch arbitrary activity. User interaction is required for triggering this vulnerability.
CWE
Assigner
Impacted products
Vendor Product Version
Samsung Mobile Samsung Mobile Devices Unaffected: SMR Jun-2026 Release in Android 15, 16 , < * (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21031",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-05T19:13:41.930909Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-05T19:13:55.561Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Samsung Mobile Devices",
          "vendor": "Samsung Mobile",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "SMR Jun-2026 Release in Android 15, 16",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper authorization in AppBlock prior to SMR Jun-2026 Release 1 allows local attacker to launch arbitrary activity. User interaction is required for triggering this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 5.2,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "LOW"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-285: Improper Authorization",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-05T10:15:37.801Z",
        "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "shortName": "SamsungMobile"
      },
      "references": [
        {
          "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=06"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
    "assignerShortName": "SamsungMobile",
    "cveId": "CVE-2026-21031",
    "datePublished": "2026-06-05T10:15:37.801Z",
    "dateReserved": "2025-12-11T01:33:35.805Z",
    "dateUpdated": "2026-06-05T19:13:55.561Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21030 (GCVE-0-2026-21030)

Vulnerability from cvelistv5 – Published: 2026-06-05 10:15 – Updated: 2026-06-05 19:15
VLAI?
Summary
Improper access control in MediaTek Audio HAL prior to SMR Jun-2026 Release 1 allows local attackers to trigger privileged functions.
CWE
  • CWE-284 - Improper Access Control
Assigner
Impacted products
Vendor Product Version
Samsung Mobile Samsung Mobile Devices Unaffected: SMR Jun-2026 Release in Android 14, 15, 16 , < * (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21030",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-05T19:14:53.658394Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-05T19:15:09.137Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Samsung Mobile Devices",
          "vendor": "Samsung Mobile",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "SMR Jun-2026 Release in Android 14, 15, 16",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper access control in MediaTek Audio HAL prior to SMR Jun-2026 Release 1 allows local attackers to trigger privileged functions."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-284: Improper Access Control",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-05T10:15:36.588Z",
        "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "shortName": "SamsungMobile"
      },
      "references": [
        {
          "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=06"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
    "assignerShortName": "SamsungMobile",
    "cveId": "CVE-2026-21030",
    "datePublished": "2026-06-05T10:15:36.588Z",
    "dateReserved": "2025-12-11T01:33:35.805Z",
    "dateUpdated": "2026-06-05T19:15:09.137Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21029 (GCVE-0-2026-21029)

Vulnerability from cvelistv5 – Published: 2026-06-05 10:15 – Updated: 2026-06-05 19:18
VLAI?
Summary
Improper export of android application components in Galaxy Editing Service prior to SMR Jun-2026 Release 1 allows local attacker to execute privileged operations.
CWE
  • CWE-926 - Improper Export of Android Application Components
Assigner
Impacted products
Vendor Product Version
Samsung Mobile Samsung Mobile Devices Unaffected: SMR Jun-2026 Release in Android 14, 15, 16 , < * (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21029",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-05T19:17:58.344232Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-05T19:18:09.644Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Samsung Mobile Devices",
          "vendor": "Samsung Mobile",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "SMR Jun-2026 Release in Android 14, 15, 16",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper export of android application components in Galaxy Editing Service prior to SMR Jun-2026 Release 1 allows local attacker to execute privileged operations."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-926: Improper Export of Android Application Components",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-05T10:15:35.451Z",
        "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "shortName": "SamsungMobile"
      },
      "references": [
        {
          "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=06"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
    "assignerShortName": "SamsungMobile",
    "cveId": "CVE-2026-21029",
    "datePublished": "2026-06-05T10:15:35.451Z",
    "dateReserved": "2025-12-11T01:33:35.805Z",
    "dateUpdated": "2026-06-05T19:18:09.644Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21028 (GCVE-0-2026-21028)

Vulnerability from cvelistv5 – Published: 2026-06-05 10:15 – Updated: 2026-06-05 19:06
VLAI?
Summary
Improper access control in AuditLogService prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information.
Assigner
Impacted products
Vendor Product Version
Samsung Mobile Samsung Mobile Devices Unaffected: SMR Jun-2026 Release in Android 16 , < * (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21028",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-05T19:06:08.903826Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-05T19:06:23.102Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Samsung Mobile Devices",
          "vendor": "Samsung Mobile",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "SMR Jun-2026 Release in Android 16",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper access control in AuditLogService prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-284 Improper Access Control",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-05T10:15:34.370Z",
        "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "shortName": "SamsungMobile"
      },
      "references": [
        {
          "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=06"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
    "assignerShortName": "SamsungMobile",
    "cveId": "CVE-2026-21028",
    "datePublished": "2026-06-05T10:15:34.370Z",
    "dateReserved": "2025-12-11T01:33:35.805Z",
    "dateUpdated": "2026-06-05T19:06:23.102Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21027 (GCVE-0-2026-21027)

Vulnerability from cvelistv5 – Published: 2026-06-05 10:15 – Updated: 2026-06-05 19:04
VLAI?
Summary
Improper export of android application components in ImsSettings prior to SMR Jun-2026 Release 1 allows local attackers to trigger logging function.
CWE
  • CWE-926 - Improper Export of Android Application Components
Assigner
Impacted products
Vendor Product Version
Samsung Mobile Samsung Mobile Devices Unaffected: SMR Jun-2026 Release in Android 14, 15, 16 , < * (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21027",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-05T19:03:31.298696Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-05T19:04:16.367Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Samsung Mobile Devices",
          "vendor": "Samsung Mobile",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "SMR Jun-2026 Release in Android 14, 15, 16",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper export of android application components in ImsSettings prior to SMR Jun-2026 Release 1 allows local attackers to trigger logging function."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-926 : Improper Export of Android Application Components",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-05T10:15:33.221Z",
        "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "shortName": "SamsungMobile"
      },
      "references": [
        {
          "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=06"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
    "assignerShortName": "SamsungMobile",
    "cveId": "CVE-2026-21027",
    "datePublished": "2026-06-05T10:15:33.221Z",
    "dateReserved": "2025-12-11T01:33:35.805Z",
    "dateUpdated": "2026-06-05T19:04:16.367Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21026 (GCVE-0-2026-21026)

Vulnerability from cvelistv5 – Published: 2026-06-05 10:15 – Updated: 2026-06-05 18:37
VLAI?
Summary
Improper export of android application components in SpriteWallpaper prior to SMR Jun-2026 Release 1 allows local attackers to access to sensitive information.
CWE
  • CWE-926 - Improper Export of Android Application Components
Assigner
Impacted products
Vendor Product Version
Samsung Mobile Samsung Mobile Devices Unaffected: SMR Jun-2026 Release in Android 16 , < * (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21026",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-05T18:37:03.191200Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-05T18:37:18.224Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Samsung Mobile Devices",
          "vendor": "Samsung Mobile",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "SMR Jun-2026 Release in Android 16",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper export of android application components in SpriteWallpaper prior to SMR Jun-2026 Release 1 allows local attackers to access to sensitive information."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-926 : Improper Export of Android Application Components",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-05T10:15:32.088Z",
        "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "shortName": "SamsungMobile"
      },
      "references": [
        {
          "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=06"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
    "assignerShortName": "SamsungMobile",
    "cveId": "CVE-2026-21026",
    "datePublished": "2026-06-05T10:15:32.088Z",
    "dateReserved": "2025-12-11T01:33:35.805Z",
    "dateUpdated": "2026-06-05T18:37:18.224Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21025 (GCVE-0-2026-21025)

Vulnerability from cvelistv5 – Published: 2026-06-05 10:15 – Updated: 2026-06-05 18:36
VLAI?
Summary
Incorrect privilege assignment in Telephony prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information.
CWE
  • CWE-269 - Improper Privilege Management
Assigner
Impacted products
Vendor Product Version
Samsung Mobile Samsung Mobile Devices Unaffected: SMR Jun-2026 Release in Android 14, 15, 16 , < * (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21025",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-05T18:35:52.931993Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-05T18:36:06.989Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Samsung Mobile Devices",
          "vendor": "Samsung Mobile",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "SMR Jun-2026 Release in Android 14, 15, 16",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Incorrect privilege assignment in Telephony prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-269: Improper Privilege Management",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-05T10:15:30.636Z",
        "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "shortName": "SamsungMobile"
      },
      "references": [
        {
          "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=06"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
    "assignerShortName": "SamsungMobile",
    "cveId": "CVE-2026-21025",
    "datePublished": "2026-06-05T10:15:30.636Z",
    "dateReserved": "2025-12-11T01:33:35.805Z",
    "dateUpdated": "2026-06-05T18:36:06.989Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21017 (GCVE-0-2026-21017)

Vulnerability from cvelistv5 – Published: 2026-06-05 10:14 – Updated: 2026-06-05 18:34
VLAI?
Summary
Improper handling of insufficient privileges in SecTelephonyProvider prior to SMR Jun-2026 Release 1 allows local attackers to access privileged files.
Assigner
Impacted products
Vendor Product Version
Samsung Mobile Samsung Mobile Devices Unaffected: SMR Jun-2026 Release in Android 14, 15, 16 , < * (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21017",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-05T18:34:09.387094Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-05T18:34:20.535Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Samsung Mobile Devices",
          "vendor": "Samsung Mobile",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "SMR Jun-2026 Release in Android 14, 15, 16",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper handling of insufficient privileges in SecTelephonyProvider prior to SMR Jun-2026 Release 1 allows local attackers to access privileged files."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-280 Improper handling of insufficient permissions or privileges",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-05T10:14:55.216Z",
        "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "shortName": "SamsungMobile"
      },
      "references": [
        {
          "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=06"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
    "assignerShortName": "SamsungMobile",
    "cveId": "CVE-2026-21017",
    "datePublished": "2026-06-05T10:14:55.216Z",
    "dateReserved": "2025-12-11T01:33:35.804Z",
    "dateUpdated": "2026-06-05T18:34:20.535Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21024 (GCVE-0-2026-21024)

Vulnerability from cvelistv5 – Published: 2026-05-13 04:56 – Updated: 2026-05-13 14:43
VLAI?
Summary
Improper privilege management in Samsung System Support Service prior to version 8.0.8.0 allows local attackers to trigger privileged functions.
CWE
  • CWE-269 - Improper Privilege Management
Assigner
Impacted products
Vendor Product Version
Samsung Mobile Samsung System Support Service Unaffected: 8.0.8.0 , < * (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21024",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-13T14:42:59.998464Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-13T14:43:07.389Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Samsung System Support Service",
          "vendor": "Samsung Mobile",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8.0.8.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper privilege management in Samsung System Support Service prior to version 8.0.8.0 allows local attackers to trigger privileged functions."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-269: Improper Privilege Management",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-13T04:56:26.795Z",
        "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "shortName": "SamsungMobile"
      },
      "references": [
        {
          "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2026\u0026month=05"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
    "assignerShortName": "SamsungMobile",
    "cveId": "CVE-2026-21024",
    "datePublished": "2026-05-13T04:56:26.795Z",
    "dateReserved": "2025-12-11T01:33:35.805Z",
    "dateUpdated": "2026-05-13T14:43:07.389Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21022 (GCVE-0-2026-21022)

Vulnerability from cvelistv5 – Published: 2026-05-13 04:56 – Updated: 2026-05-13 10:50
VLAI?
Summary
Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local attackers to access sensitive information.
Assigner
Impacted products
Vendor Product Version
Samsung Mobile Samsung Mobile Devices Unaffected: SMR May-2026 Release in Android 15, 16 , < * (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21022",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-13T10:45:33.478455Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-13T10:50:04.255Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Samsung Mobile Devices",
          "vendor": "Samsung Mobile",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "SMR May-2026 Release in Android 15, 16",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local attackers to access sensitive information."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-280 Improper handling of insufficient permissions or privileges",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-13T04:56:25.606Z",
        "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "shortName": "SamsungMobile"
      },
      "references": [
        {
          "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=05"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
    "assignerShortName": "SamsungMobile",
    "cveId": "CVE-2026-21022",
    "datePublished": "2026-05-13T04:56:25.606Z",
    "dateReserved": "2025-12-11T01:33:35.804Z",
    "dateUpdated": "2026-05-13T10:50:04.255Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21021 (GCVE-0-2026-21021)

Vulnerability from cvelistv5 – Published: 2026-05-13 04:56 – Updated: 2026-05-13 10:50
VLAI?
Summary
Improper input validation in Routines prior to SMR May-2026 Release 1 allows physical attackers to launch privileged activity.
CWE
  • CWE-20 - Improper Input Validation
Assigner
Impacted products
Vendor Product Version
Samsung Mobile Samsung Mobile Devices Unaffected: SMR May-2026 Release in Android 16 , < * (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21021",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-13T10:46:08.173976Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-13T10:50:19.032Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Samsung Mobile Devices",
          "vendor": "Samsung Mobile",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "SMR May-2026 Release in Android 16",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper input validation in Routines prior to SMR May-2026 Release 1 allows physical attackers to launch privileged activity."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "PHYSICAL",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-20: Improper Input Validation",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-13T04:56:24.490Z",
        "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "shortName": "SamsungMobile"
      },
      "references": [
        {
          "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=05"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
    "assignerShortName": "SamsungMobile",
    "cveId": "CVE-2026-21021",
    "datePublished": "2026-05-13T04:56:24.490Z",
    "dateReserved": "2025-12-11T01:33:35.804Z",
    "dateUpdated": "2026-05-13T10:50:19.032Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21020 (GCVE-0-2026-21020)

Vulnerability from cvelistv5 – Published: 2026-05-13 04:56 – Updated: 2026-05-13 14:42
VLAI?
Summary
Improper export of android application components in OmaCP prior to SMR May-2026 Release 1 allows local attackers to trigger privileged functions.
CWE
  • CWE-926 - Improper Export of Android Application Components
Assigner
Impacted products
Vendor Product Version
Samsung Mobile Samsung Mobile Devices Unaffected: SMR May-2026 Release in Android 14, 15, 16 , < * (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21020",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-13T14:42:29.766432Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-13T14:42:38.205Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Samsung Mobile Devices",
          "vendor": "Samsung Mobile",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "SMR May-2026 Release in Android 14, 15, 16",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper export of android application components in OmaCP prior to SMR May-2026 Release 1 allows local attackers to trigger privileged functions."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-926: Improper Export of Android Application Components",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-13T04:56:23.189Z",
        "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "shortName": "SamsungMobile"
      },
      "references": [
        {
          "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=05"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
    "assignerShortName": "SamsungMobile",
    "cveId": "CVE-2026-21020",
    "datePublished": "2026-05-13T04:56:23.189Z",
    "dateReserved": "2025-12-11T01:33:35.804Z",
    "dateUpdated": "2026-05-13T14:42:38.205Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21019 (GCVE-0-2026-21019)

Vulnerability from cvelistv5 – Published: 2026-05-13 04:56 – Updated: 2026-05-14 03:56
VLAI?
Summary
Improper input validation in FacAtFunction in Galaxy Watch prior to SMR May-2026 Release 1 allows local attacker to execute arbitrary code with system privilege.
CWE
  • CWE-20 - Improper Input Validation
Assigner
Impacted products
Vendor Product Version
Samsung Mobile Samsung Mobile Devices Unaffected: SMR May-2026 Release in Android Watch 14, 16 , < * (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21019",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-13T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-14T03:56:00.504Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Samsung Mobile Devices",
          "vendor": "Samsung Mobile",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "SMR May-2026 Release in Android Watch 14, 16",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper input validation in FacAtFunction in Galaxy Watch prior to SMR May-2026 Release 1 allows local attacker to execute arbitrary code with system privilege."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.9,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-20: Improper Input Validation",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-13T04:56:22.067Z",
        "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "shortName": "SamsungMobile"
      },
      "references": [
        {
          "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=05"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
    "assignerShortName": "SamsungMobile",
    "cveId": "CVE-2026-21019",
    "datePublished": "2026-05-13T04:56:22.067Z",
    "dateReserved": "2025-12-11T01:33:35.804Z",
    "dateUpdated": "2026-05-14T03:56:00.504Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21018 (GCVE-0-2026-21018)

Vulnerability from cvelistv5 – Published: 2026-05-13 04:56 – Updated: 2026-05-14 10:32
VLAI?
Summary
Out-of-bounds write in SveService prior to SMR May-2026 Release 1 allows local privileged attackers to execute arbitrary code.
Assigner
Impacted products
Vendor Product Version
Samsung Mobile Samsung Mobile Devices Unaffected: SMR May-2026 Release in Android 14, 15, 16 , < * (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21018",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-14T03:56:03.326394Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-14T10:32:16.901Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Samsung Mobile Devices",
          "vendor": "Samsung Mobile",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "SMR May-2026 Release in Android 14, 15, 16",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Out-of-bounds write in SveService prior to SMR May-2026 Release 1 allows local privileged attackers to execute arbitrary code."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-13T04:56:20.889Z",
        "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "shortName": "SamsungMobile"
      },
      "references": [
        {
          "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=05"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
    "assignerShortName": "SamsungMobile",
    "cveId": "CVE-2026-21018",
    "datePublished": "2026-05-13T04:56:20.889Z",
    "dateReserved": "2025-12-11T01:33:35.804Z",
    "dateUpdated": "2026-05-14T10:32:16.901Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21016 (GCVE-0-2026-21016)

Vulnerability from cvelistv5 – Published: 2026-05-13 04:56 – Updated: 2026-05-13 14:40
VLAI?
Summary
Incorrect privilege assignment in LocationManager prior to SMR May-2026 Release 1 allows local attackers to access sensitive information.
CWE
  • CWE-266 - Incorrect Privilege Assignment
Assigner
Impacted products
Vendor Product Version
Samsung Mobile Samsung Mobile Devices Unaffected: SMR May-2026 Release in Android 14, 15, 16 , < * (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21016",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-13T14:40:25.327606Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-13T14:40:33.198Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Samsung Mobile Devices",
          "vendor": "Samsung Mobile",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "SMR May-2026 Release in Android 14, 15, 16",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Incorrect privilege assignment in LocationManager prior to SMR May-2026 Release 1 allows local attackers to access sensitive information."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-266: Incorrect Privilege Assignment",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-13T04:56:19.751Z",
        "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "shortName": "SamsungMobile"
      },
      "references": [
        {
          "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=05"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
    "assignerShortName": "SamsungMobile",
    "cveId": "CVE-2026-21016",
    "datePublished": "2026-05-13T04:56:19.751Z",
    "dateReserved": "2025-12-11T01:33:35.804Z",
    "dateUpdated": "2026-05-13T14:40:33.198Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21015 (GCVE-0-2026-21015)

Vulnerability from cvelistv5 – Published: 2026-05-13 04:56 – Updated: 2026-05-13 14:39
VLAI?
Summary
Incorrect default permissions in FactoryCamera prior to SMR May-2026 Release 1 allows local attacker to access unique identifier.
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
Impacted products
Vendor Product Version
Samsung Mobile Samsung Mobile Devices Unaffected: SMR May-2026 Release in Android 14, 15, 16 , < * (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21015",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-13T14:39:33.955650Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-13T14:39:41.328Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Samsung Mobile Devices",
          "vendor": "Samsung Mobile",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "SMR May-2026 Release in Android 14, 15, 16",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Incorrect default permissions in FactoryCamera prior to SMR May-2026 Release 1 allows local attacker to access unique identifier."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-276: Incorrect Default Permissions",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-13T04:56:18.373Z",
        "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "shortName": "SamsungMobile"
      },
      "references": [
        {
          "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=05"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
    "assignerShortName": "SamsungMobile",
    "cveId": "CVE-2026-21015",
    "datePublished": "2026-05-13T04:56:18.373Z",
    "dateReserved": "2025-12-11T01:33:35.804Z",
    "dateUpdated": "2026-05-13T14:39:41.328Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21023 (GCVE-0-2026-21023)

Vulnerability from cvelistv5 – Published: 2026-04-29 04:46 – Updated: 2026-04-29 12:41
VLAI?
Summary
Insufficient verification of data authenticity in PackageManagerService prior to SMR Mar-2026 Release 1 allows local attackers to modify the installation restriction of specific application.
CWE
  • CWE-345 - Insufficient Verification of Data Authenticity
Assigner
Impacted products
Vendor Product Version
Samsung Mobile Samsung Mobile Devices Unaffected: SMR Mar-2026 Release in Android 14, 15, 16 , < * (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21023",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-29T12:35:05.386527Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-29T12:41:12.467Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Samsung Mobile Devices",
          "vendor": "Samsung Mobile",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "SMR Mar-2026 Release in Android 14, 15, 16",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Insufficient verification of data authenticity in PackageManagerService prior to SMR Mar-2026 Release 1 allows local attackers to modify the installation restriction of specific application."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-345: Insufficient Verification of Data Authenticity",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-29T04:46:46.051Z",
        "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "shortName": "SamsungMobile"
      },
      "references": [
        {
          "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=03"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
    "assignerShortName": "SamsungMobile",
    "cveId": "CVE-2026-21023",
    "datePublished": "2026-04-29T04:46:46.051Z",
    "dateReserved": "2025-12-11T01:33:35.804Z",
    "dateUpdated": "2026-04-29T12:41:12.467Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21010 (GCVE-0-2026-21010)

Vulnerability from cvelistv5 – Published: 2026-04-13 05:10 – Updated: 2026-04-13 13:55
VLAI?
Summary
Improper input validation in Retail Mode prior to SMR Apr-2026 Release 1 allows local attackers to trigger privileged functions.
Assigner
Impacted products
Vendor Product Version
Samsung Mobile Samsung Mobile Devices Unaffected: SMR Apr-2026 Release in Android 14, 15, 16 , < * (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21010",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-13T13:54:50.433029Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-13T13:55:06.724Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Samsung Mobile Devices",
          "vendor": "Samsung Mobile",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "SMR Apr-2026 Release in Android 14, 15, 16",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper input validation in Retail Mode prior to SMR Apr-2026 Release 1 allows local attackers to trigger privileged functions."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-20 Improper Input Validation",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-13T05:10:06.268Z",
        "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "shortName": "SamsungMobile"
      },
      "references": [
        {
          "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=04"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
    "assignerShortName": "SamsungMobile",
    "cveId": "CVE-2026-21010",
    "datePublished": "2026-04-13T05:10:06.268Z",
    "dateReserved": "2025-12-11T01:33:35.803Z",
    "dateUpdated": "2026-04-13T13:55:06.724Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21008 (GCVE-0-2026-21008)

Vulnerability from cvelistv5 – Published: 2026-04-13 05:09 – Updated: 2026-04-13 13:57
VLAI?
Summary
Exposure of sensitive information in S Share prior to SMR Apr-2026 Release 1 allows adjacent attacker to access sensitive information.
CWE
  • CWE-200 - Exposure of Sensitive Information
Assigner
Impacted products
Vendor Product Version
Samsung Mobile Samsung Mobile Devices Unaffected: SMR Apr-2026 Release in Android 14, 15, 16 , < * (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21008",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-13T13:57:43.584386Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-13T13:57:52.407Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Samsung Mobile Devices",
          "vendor": "Samsung Mobile",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "SMR Apr-2026 Release in Android 14, 15, 16",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Exposure of sensitive information in S Share prior to SMR Apr-2026 Release 1 allows adjacent attacker to access sensitive information."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-200: Exposure of Sensitive Information",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-13T05:09:40.420Z",
        "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "shortName": "SamsungMobile"
      },
      "references": [
        {
          "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=04"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
    "assignerShortName": "SamsungMobile",
    "cveId": "CVE-2026-21008",
    "datePublished": "2026-04-13T05:09:40.420Z",
    "dateReserved": "2025-12-11T01:33:35.803Z",
    "dateUpdated": "2026-04-13T13:57:52.407Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21014 (GCVE-0-2026-21014)

Vulnerability from cvelistv5 – Published: 2026-04-13 05:04 – Updated: 2026-04-13 14:31
VLAI?
Summary
Improper access control in Samsung Camera prior to version 16.5.00.28 allows local attacker to access location data. User interaction is required for triggering this vulnerability.
CWE
  • CWE-284 - Improper Access Control
Assigner
Impacted products
Vendor Product Version
Samsung Mobile Samsung Camera Unaffected: 16.5.00.28 , < * (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21014",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-13T14:25:26.441916Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-13T14:31:18.617Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Samsung Camera",
          "vendor": "Samsung Mobile",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "16.5.00.28",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper access control in Samsung Camera prior to version 16.5.00.28 allows local attacker to access location data. User interaction is required for triggering this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-284: Improper Access Control",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-13T05:04:48.621Z",
        "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "shortName": "SamsungMobile"
      },
      "references": [
        {
          "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2026\u0026month=04"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
    "assignerShortName": "SamsungMobile",
    "cveId": "CVE-2026-21014",
    "datePublished": "2026-04-13T05:04:48.621Z",
    "dateReserved": "2025-12-11T01:33:35.803Z",
    "dateUpdated": "2026-04-13T14:31:18.617Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21013 (GCVE-0-2026-21013)

Vulnerability from cvelistv5 – Published: 2026-04-13 05:04 – Updated: 2026-04-13 14:35
VLAI?
Summary
Incorrect default permission in Galaxy Wearable prior to version 2.2.68.26 allows local attackers to access sensitive information.
CWE
  • CWE-276 - Incorrect Default Permission
Assigner
Impacted products
Vendor Product Version
Samsung Mobile Galaxy Wearable Unaffected: 2.2.68.26 , < * (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21013",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-13T14:34:54.695158Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-13T14:35:12.877Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Galaxy Wearable",
          "vendor": "Samsung Mobile",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "2.2.68.26",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Incorrect default permission in Galaxy Wearable prior to version 2.2.68.26 allows local attackers to access sensitive information."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-276: Incorrect Default Permission",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-13T05:04:45.232Z",
        "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "shortName": "SamsungMobile"
      },
      "references": [
        {
          "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2026\u0026month=04"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
    "assignerShortName": "SamsungMobile",
    "cveId": "CVE-2026-21013",
    "datePublished": "2026-04-13T05:04:45.232Z",
    "dateReserved": "2025-12-11T01:33:35.803Z",
    "dateUpdated": "2026-04-13T14:35:12.877Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21012 (GCVE-0-2026-21012)

Vulnerability from cvelistv5 – Published: 2026-04-13 05:04 – Updated: 2026-04-13 13:09
VLAI?
Summary
External control of file name in AODManager prior to SMR Apr-2026 Release 1 allows privileged local attacker to create file with system privilege.
CWE
  • CWE-73 - External Control of File Name or Path
Assigner
Impacted products
Vendor Product Version
Samsung Mobile Samsung Mobile Devices Unaffected: SMR Apr-2026 Release in Android 14, 15, 16 , < * (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21012",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-13T13:09:23.837833Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-13T13:09:30.242Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Samsung Mobile Devices",
          "vendor": "Samsung Mobile",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "SMR Apr-2026 Release in Android 14, 15, 16",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "External control of file name in AODManager prior to SMR Apr-2026 Release 1 allows privileged local attacker to create file with system privilege."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-73: External Control of File Name or Path",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-13T05:04:42.068Z",
        "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "shortName": "SamsungMobile"
      },
      "references": [
        {
          "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=04"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
    "assignerShortName": "SamsungMobile",
    "cveId": "CVE-2026-21012",
    "datePublished": "2026-04-13T05:04:42.068Z",
    "dateReserved": "2025-12-11T01:33:35.803Z",
    "dateUpdated": "2026-04-13T13:09:30.242Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-21011 (GCVE-0-2026-21011)

Vulnerability from cvelistv5 – Published: 2026-04-13 05:04 – Updated: 2026-04-13 13:09
VLAI?
Summary
Incorrect privilege assignment in Bluetooth in Maintenance mode prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Extend Unlock.
CWE
  • CWE-266 - Incorrect Privilege Assignment
Assigner
Impacted products
Vendor Product Version
Samsung Mobile Samsung Mobile Devices Unaffected: SMR Apr-2026 Release in Android 14, 15, 16 , < * (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21011",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-13T13:08:59.947618Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-13T13:09:06.730Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Samsung Mobile Devices",
          "vendor": "Samsung Mobile",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "SMR Apr-2026 Release in Android 14, 15, 16",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Incorrect privilege assignment in Bluetooth in Maintenance mode prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Extend Unlock."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "PHYSICAL",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "vectorString": "CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-266: Incorrect Privilege Assignment",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-13T05:04:38.410Z",
        "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "shortName": "SamsungMobile"
      },
      "references": [
        {
          "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=04"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
    "assignerShortName": "SamsungMobile",
    "cveId": "CVE-2026-21011",
    "datePublished": "2026-04-13T05:04:38.410Z",
    "dateReserved": "2025-12-11T01:33:35.803Z",
    "dateUpdated": "2026-04-13T13:09:06.730Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}