Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    2681 vulnerabilities by Samsung Mobile

    CVE-2026-21057 (GCVE-0-2026-21057)

    Vulnerability from nvd – Published: 2026-07-10 04:58 – Updated: 2026-07-10 11:30
    VLAI
    Summary
    Improper input validation in Samsung Pass prior to version 5.2.10.3 allows local privileged attackers to write out-of-bounds memory.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Pass Unaffected: 5.2.10.3 , < * (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-21057",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T11:24:50.936899Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T11:30:25.418Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Pass",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "5.2.10.3",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper input validation in Samsung Pass prior to version 5.2.10.3 allows local privileged attackers to write out-of-bounds memory."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "HIGH",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "HIGH"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-20 Improper input validation",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T04:58:21.040Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2026\u0026month=07"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2026-21057",
        "datePublished": "2026-07-10T04:58:21.040Z",
        "dateReserved": "2025-12-11T01:33:35.821Z",
        "dateUpdated": "2026-07-10T11:30:25.418Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21056 (GCVE-0-2026-21056)

    Vulnerability from nvd – Published: 2026-07-10 04:58 – Updated: 2026-07-10 04:58
    VLAI
    Summary
    Improper authorization in Samsung Health prior to version 7.00.0.107 allows local attackers to access connected device information.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Health Unaffected: 7.00.0.107 , < * (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Health",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "7.00.0.107",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper authorization in Samsung Health prior to version 7.00.0.107 allows local attackers to access connected device information."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-285: Improper Authorization",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T04:58:19.968Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2026\u0026month=07"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2026-21056",
        "datePublished": "2026-07-10T04:58:19.968Z",
        "dateReserved": "2025-12-11T01:33:35.820Z",
        "dateUpdated": "2026-07-10T04:58:19.968Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21055 (GCVE-0-2026-21055)

    Vulnerability from nvd – Published: 2026-07-10 04:58 – Updated: 2026-07-10 11:39
    VLAI
    Summary
    Improper export of android application components in Bixby prior to version 4.0.70.8 allows local attackers to execute arbitrary commands with Bixby privilege.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-926 - Improper Export of Android Application Components
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Bixby Unaffected: 4.0.70.8 , < * (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-21055",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T11:39:13.489419Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T11:39:27.272Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Bixby",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.0.70.8",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper export of android application components in Bixby prior to version 4.0.70.8 allows local attackers to execute arbitrary commands with Bixby privilege."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-926: Improper Export of Android Application Components",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T04:58:18.785Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2026\u0026month=07"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2026-21055",
        "datePublished": "2026-07-10T04:58:18.785Z",
        "dateReserved": "2025-12-11T01:33:35.820Z",
        "dateUpdated": "2026-07-10T11:39:27.272Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21054 (GCVE-0-2026-21054)

    Vulnerability from nvd – Published: 2026-07-10 04:58 – Updated: 2026-07-10 11:40
    VLAI
    Summary
    Improper export of android application components in InputSharing prior to version 2.7.01.4 allows local attackers to access sharing data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-926 - Improper Export of Android Application Components
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile InputSharing Unaffected: 2.7.01.4 , < * (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-21054",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T11:39:52.231620Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T11:40:14.374Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "InputSharing",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.7.01.4",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper export of android application components in InputSharing prior to version 2.7.01.4 allows local attackers to access sharing data."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-926: Improper Export of Android Application Components",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T04:58:17.352Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2026\u0026month=07"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2026-21054",
        "datePublished": "2026-07-10T04:58:17.352Z",
        "dateReserved": "2025-12-11T01:33:35.820Z",
        "dateUpdated": "2026-07-10T11:40:14.374Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21053 (GCVE-0-2026-21053)

    Vulnerability from nvd – Published: 2026-07-10 04:58 – Updated: 2026-07-10 11:41
    VLAI
    Summary
    Improper input validation in Samsung Email prior to version 6.2.13.1 allows local attackers to create arbitrary files within the application sandbox.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Email Unaffected: 6.2.13.1 , < * (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-21053",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T11:40:42.601599Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T11:41:13.002Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Email",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "6.2.13.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper input validation in Samsung Email prior to version 6.2.13.1 allows local attackers to create arbitrary files within the application sandbox."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-20 Improper input validation",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T04:58:16.247Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2026\u0026month=07"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2026-21053",
        "datePublished": "2026-07-10T04:58:16.247Z",
        "dateReserved": "2025-12-11T01:33:35.820Z",
        "dateUpdated": "2026-07-10T11:41:13.002Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21052 (GCVE-0-2026-21052)

    Vulnerability from nvd – Published: 2026-07-10 04:58 – Updated: 2026-07-10 11:41
    VLAI
    Summary
    Path traversal in SemClipboardService prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system privilege.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Mobile Devices Unaffected: SMR Jul-2026 Release in Android 14, 15, 16 , < * (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-21052",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T11:41:40.180868Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T11:41:50.177Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Mobile Devices",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "SMR Jul-2026 Release in Android 14, 15, 16",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Path traversal in SemClipboardService prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system privilege."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-22 Path traversal",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T04:58:15.141Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=07"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2026-21052",
        "datePublished": "2026-07-10T04:58:15.141Z",
        "dateReserved": "2025-12-11T01:33:35.820Z",
        "dateUpdated": "2026-07-10T11:41:50.177Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21051 (GCVE-0-2026-21051)

    Vulnerability from nvd – Published: 2026-07-10 04:58 – Updated: 2026-07-10 11:45
    VLAI
    Summary
    Incorrect default permissions in WLAN security prior to SMR Jul-2026 Release 1 allows local attackers to configure TencentWifiSecurity settings.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Mobile Devices Unaffected: SMR Jul-2026 Release in Android 14, 15, 16 , < * (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-21051",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T11:45:03.619826Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T11:45:14.827Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Mobile Devices",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "SMR Jul-2026 Release in Android 14, 15, 16",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Incorrect default permissions in WLAN security prior to SMR Jul-2026 Release 1 allows local attackers to configure TencentWifiSecurity settings."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-276: Incorrect Default Permissions",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T04:58:13.915Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=07"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2026-21051",
        "datePublished": "2026-07-10T04:58:13.915Z",
        "dateReserved": "2025-12-11T01:33:35.819Z",
        "dateUpdated": "2026-07-10T11:45:14.827Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21050 (GCVE-0-2026-21050)

    Vulnerability from nvd – Published: 2026-07-10 04:58 – Updated: 2026-07-10 04:58
    VLAI
    Summary
    Improper access control in SmartThingsKit prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information.
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Mobile Devices Unaffected: SMR Jul-2026 Release in Android 16 , < * (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Mobile Devices",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "SMR Jul-2026 Release in Android 16",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper access control in SmartThingsKit prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T04:58:12.835Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=07"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2026-21050",
        "datePublished": "2026-07-10T04:58:12.835Z",
        "dateReserved": "2025-12-11T01:33:35.817Z",
        "dateUpdated": "2026-07-10T04:58:12.835Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21049 (GCVE-0-2026-21049)

    Vulnerability from nvd – Published: 2026-07-10 04:58 – Updated: 2026-07-10 12:18
    VLAI
    Summary
    Out-of-bounds write in libpadm.so library prior to SMR Jul-2026 Release 1 allows local attackers to execute arbitrary code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Mobile Devices Unaffected: SMR Jul-2026 Release in Android 14, 15, 16 , < * (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-21049",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T12:18:02.233830Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T12:18:10.884Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Mobile Devices",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "SMR Jul-2026 Release in Android 14, 15, 16",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Out-of-bounds write in libpadm.so library prior to SMR Jul-2026 Release 1 allows local attackers to execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T04:58:11.656Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=07"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2026-21049",
        "datePublished": "2026-07-10T04:58:11.656Z",
        "dateReserved": "2025-12-11T01:33:35.817Z",
        "dateUpdated": "2026-07-10T12:18:10.884Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21048 (GCVE-0-2026-21048)

    Vulnerability from nvd – Published: 2026-07-10 04:58 – Updated: 2026-07-10 04:58
    VLAI
    Summary
    Out-of-bounds write in parsing DNG format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Mobile Devices Unaffected: SMR Jul-2026 Release in Android 14, 15, 16 , < * (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Mobile Devices",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "SMR Jul-2026 Release in Android 14, 15, 16",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Out-of-bounds write in parsing DNG format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T04:58:10.507Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=07"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2026-21048",
        "datePublished": "2026-07-10T04:58:10.507Z",
        "dateReserved": "2025-12-11T01:33:35.817Z",
        "dateUpdated": "2026-07-10T04:58:10.507Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21046 (GCVE-0-2026-21046)

    Vulnerability from nvd – Published: 2026-07-10 04:58 – Updated: 2026-07-10 12:22
    VLAI
    Summary
    Time-of-check time-of-use race condition in fabricKeymaster trustlet prior to SMR Jul-2026 Release 1 allows local privileged attackers to execute arbitrary code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Mobile Devices Unaffected: SMR Jul-2026 Release in Android 14, 15, 16 , < * (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-21046",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T12:22:30.313712Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T12:22:37.861Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Mobile Devices",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "SMR Jul-2026 Release in Android 14, 15, 16",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Time-of-check time-of-use race condition in fabricKeymaster trustlet prior to SMR Jul-2026 Release 1 allows local privileged attackers to execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "privilegesRequired": "HIGH",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-367 Time-of-check time-of-use (TOCTOU) race condition",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T04:58:09.129Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=07"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2026-21046",
        "datePublished": "2026-07-10T04:58:09.129Z",
        "dateReserved": "2025-12-11T01:33:35.816Z",
        "dateUpdated": "2026-07-10T12:22:37.861Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21045 (GCVE-0-2026-21045)

    Vulnerability from nvd – Published: 2026-07-10 04:58 – Updated: 2026-07-10 04:58
    VLAI
    Summary
    Out-of-bounds write in parsing TIFF format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Mobile Devices Unaffected: SMR Jul-2026 Release in Android 14, 15, 16 , < * (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Mobile Devices",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "SMR Jul-2026 Release in Android 14, 15, 16",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Out-of-bounds write in parsing TIFF format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T04:58:07.917Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=07"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2026-21045",
        "datePublished": "2026-07-10T04:58:07.917Z",
        "dateReserved": "2025-12-11T01:33:35.816Z",
        "dateUpdated": "2026-07-10T04:58:07.917Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21044 (GCVE-0-2026-21044)

    Vulnerability from nvd – Published: 2026-07-10 04:58 – Updated: 2026-07-10 04:58
    VLAI
    Summary
    Improper authorization in KnoxGuardManager prior to SMR Jul-2026 Release 1 allows local attackers to bypass the persistence configuration of the application.
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Mobile Devices Unaffected: SMR Jul-2026 Release in Android 14, 15, 16 , < * (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Mobile Devices",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "SMR Jul-2026 Release in Android 14, 15, 16",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper authorization in KnoxGuardManager prior to SMR Jul-2026 Release 1 allows local attackers to bypass the persistence configuration of the application."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-269 Impoper Privilege Management",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T04:58:06.743Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=07"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2026-21044",
        "datePublished": "2026-07-10T04:58:06.743Z",
        "dateReserved": "2025-12-11T01:33:35.816Z",
        "dateUpdated": "2026-07-10T04:58:06.743Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21043 (GCVE-0-2026-21043)

    Vulnerability from nvd – Published: 2026-07-10 04:58 – Updated: 2026-07-10 12:24
    VLAI
    Summary
    Path traversal in Wallpaper service prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system server privilege.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Mobile Devices Unaffected: SMR Jul-2026 Release in Android 14, 15, 16 , < * (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-21043",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T12:23:55.935653Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T12:24:07.905Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Mobile Devices",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "SMR Jul-2026 Release in Android 14, 15, 16",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Path traversal in Wallpaper service prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system server privilege."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "HIGH",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-35: Path Traversal",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T04:58:05.222Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=07"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2026-21043",
        "datePublished": "2026-07-10T04:58:05.222Z",
        "dateReserved": "2025-12-11T01:33:35.816Z",
        "dateUpdated": "2026-07-10T12:24:07.905Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21042 (GCVE-0-2026-21042)

    Vulnerability from nvd – Published: 2026-07-10 04:58 – Updated: 2026-07-10 12:26
    VLAI
    Summary
    Out-of-bounds write in libsavsac.so prior to SMR Jul-2026 Release 1 allows local attackers to execute arbitrary code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Mobile Devices Unaffected: SMR Jul-2026 Release in Android 14, 15, 16 , < * (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-21042",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T12:26:50.875275Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T12:26:58.563Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Mobile Devices",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "SMR Jul-2026 Release in Android 14, 15, 16",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Out-of-bounds write in libsavsac.so prior to SMR Jul-2026 Release 1 allows local attackers to execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T04:58:04.139Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=07"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2026-21042",
        "datePublished": "2026-07-10T04:58:04.139Z",
        "dateReserved": "2025-12-11T01:33:35.815Z",
        "dateUpdated": "2026-07-10T12:26:58.563Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21041 (GCVE-0-2026-21041)

    Vulnerability from nvd – Published: 2026-07-10 04:58 – Updated: 2026-07-10 04:58
    VLAI
    Summary
    Improper access control in SamsungSEAgentService prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information.
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Mobile Devices Unaffected: SMR Jul-2026 Release in Android 15, 16 , < * (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Mobile Devices",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "SMR Jul-2026 Release in Android 15, 16",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper access control in SamsungSEAgentService prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T04:58:03.043Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=07"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2026-21041",
        "datePublished": "2026-07-10T04:58:03.043Z",
        "dateReserved": "2025-12-11T01:33:35.815Z",
        "dateUpdated": "2026-07-10T04:58:03.043Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21040 (GCVE-0-2026-21040)

    Vulnerability from nvd – Published: 2026-07-10 04:58 – Updated: 2026-07-10 04:58
    VLAI
    Summary
    Improper access control in IAFDService prior to SMR Jul-2026 Release 1 allows local privileged attackers to use the privileged APIs.
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Mobile Devices Unaffected: SMR Jul-2026 Release in Android 14, 15, 16 , < * (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Mobile Devices",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "SMR Jul-2026 Release in Android 14, 15, 16",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper access control in IAFDService prior to SMR Jul-2026 Release 1 allows local privileged attackers to use the privileged APIs."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T04:58:01.879Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=07"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2026-21040",
        "datePublished": "2026-07-10T04:58:01.879Z",
        "dateReserved": "2025-12-11T01:33:35.815Z",
        "dateUpdated": "2026-07-10T04:58:01.879Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21039 (GCVE-0-2026-21039)

    Vulnerability from nvd – Published: 2026-07-10 04:58 – Updated: 2026-07-10 04:58
    VLAI
    Summary
    Improper access control in Settings prior to SMR Jul-2026 Release 1 allows local attackers to configure Theft protection settings.
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Mobile Devices Unaffected: SMR Jul-2026 Release in Android 15, 16 , < * (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Mobile Devices",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "SMR Jul-2026 Release in Android 15, 16",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper access control in Settings prior to SMR Jul-2026 Release 1 allows local attackers to configure Theft protection settings."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T04:58:00.790Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=07"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2026-21039",
        "datePublished": "2026-07-10T04:58:00.790Z",
        "dateReserved": "2025-12-11T01:33:35.808Z",
        "dateUpdated": "2026-07-10T04:58:00.790Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21057 (GCVE-0-2026-21057)

    Vulnerability from cvelistv5 – Published: 2026-07-10 04:58 – Updated: 2026-07-10 11:30
    VLAI
    Summary
    Improper input validation in Samsung Pass prior to version 5.2.10.3 allows local privileged attackers to write out-of-bounds memory.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Pass Unaffected: 5.2.10.3 , < * (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-21057",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T11:24:50.936899Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T11:30:25.418Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Pass",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "5.2.10.3",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper input validation in Samsung Pass prior to version 5.2.10.3 allows local privileged attackers to write out-of-bounds memory."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "HIGH",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "HIGH"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-20 Improper input validation",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T04:58:21.040Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2026\u0026month=07"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2026-21057",
        "datePublished": "2026-07-10T04:58:21.040Z",
        "dateReserved": "2025-12-11T01:33:35.821Z",
        "dateUpdated": "2026-07-10T11:30:25.418Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21056 (GCVE-0-2026-21056)

    Vulnerability from cvelistv5 – Published: 2026-07-10 04:58 – Updated: 2026-07-10 04:58
    VLAI
    Summary
    Improper authorization in Samsung Health prior to version 7.00.0.107 allows local attackers to access connected device information.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Health Unaffected: 7.00.0.107 , < * (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Health",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "7.00.0.107",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper authorization in Samsung Health prior to version 7.00.0.107 allows local attackers to access connected device information."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-285: Improper Authorization",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T04:58:19.968Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2026\u0026month=07"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2026-21056",
        "datePublished": "2026-07-10T04:58:19.968Z",
        "dateReserved": "2025-12-11T01:33:35.820Z",
        "dateUpdated": "2026-07-10T04:58:19.968Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21055 (GCVE-0-2026-21055)

    Vulnerability from cvelistv5 – Published: 2026-07-10 04:58 – Updated: 2026-07-10 11:39
    VLAI
    Summary
    Improper export of android application components in Bixby prior to version 4.0.70.8 allows local attackers to execute arbitrary commands with Bixby privilege.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-926 - Improper Export of Android Application Components
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Bixby Unaffected: 4.0.70.8 , < * (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-21055",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T11:39:13.489419Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T11:39:27.272Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Bixby",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "4.0.70.8",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper export of android application components in Bixby prior to version 4.0.70.8 allows local attackers to execute arbitrary commands with Bixby privilege."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-926: Improper Export of Android Application Components",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T04:58:18.785Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2026\u0026month=07"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2026-21055",
        "datePublished": "2026-07-10T04:58:18.785Z",
        "dateReserved": "2025-12-11T01:33:35.820Z",
        "dateUpdated": "2026-07-10T11:39:27.272Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21054 (GCVE-0-2026-21054)

    Vulnerability from cvelistv5 – Published: 2026-07-10 04:58 – Updated: 2026-07-10 11:40
    VLAI
    Summary
    Improper export of android application components in InputSharing prior to version 2.7.01.4 allows local attackers to access sharing data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-926 - Improper Export of Android Application Components
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile InputSharing Unaffected: 2.7.01.4 , < * (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-21054",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T11:39:52.231620Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T11:40:14.374Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "InputSharing",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "2.7.01.4",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper export of android application components in InputSharing prior to version 2.7.01.4 allows local attackers to access sharing data."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-926: Improper Export of Android Application Components",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T04:58:17.352Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2026\u0026month=07"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2026-21054",
        "datePublished": "2026-07-10T04:58:17.352Z",
        "dateReserved": "2025-12-11T01:33:35.820Z",
        "dateUpdated": "2026-07-10T11:40:14.374Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21053 (GCVE-0-2026-21053)

    Vulnerability from cvelistv5 – Published: 2026-07-10 04:58 – Updated: 2026-07-10 11:41
    VLAI
    Summary
    Improper input validation in Samsung Email prior to version 6.2.13.1 allows local attackers to create arbitrary files within the application sandbox.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Email Unaffected: 6.2.13.1 , < * (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-21053",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T11:40:42.601599Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T11:41:13.002Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Email",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "6.2.13.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper input validation in Samsung Email prior to version 6.2.13.1 allows local attackers to create arbitrary files within the application sandbox."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-20 Improper input validation",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T04:58:16.247Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2026\u0026month=07"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2026-21053",
        "datePublished": "2026-07-10T04:58:16.247Z",
        "dateReserved": "2025-12-11T01:33:35.820Z",
        "dateUpdated": "2026-07-10T11:41:13.002Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21052 (GCVE-0-2026-21052)

    Vulnerability from cvelistv5 – Published: 2026-07-10 04:58 – Updated: 2026-07-10 11:41
    VLAI
    Summary
    Path traversal in SemClipboardService prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system privilege.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Mobile Devices Unaffected: SMR Jul-2026 Release in Android 14, 15, 16 , < * (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-21052",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T11:41:40.180868Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T11:41:50.177Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Mobile Devices",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "SMR Jul-2026 Release in Android 14, 15, 16",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Path traversal in SemClipboardService prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system privilege."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-22 Path traversal",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T04:58:15.141Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=07"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2026-21052",
        "datePublished": "2026-07-10T04:58:15.141Z",
        "dateReserved": "2025-12-11T01:33:35.820Z",
        "dateUpdated": "2026-07-10T11:41:50.177Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21051 (GCVE-0-2026-21051)

    Vulnerability from cvelistv5 – Published: 2026-07-10 04:58 – Updated: 2026-07-10 11:45
    VLAI
    Summary
    Incorrect default permissions in WLAN security prior to SMR Jul-2026 Release 1 allows local attackers to configure TencentWifiSecurity settings.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Mobile Devices Unaffected: SMR Jul-2026 Release in Android 14, 15, 16 , < * (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-21051",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T11:45:03.619826Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T11:45:14.827Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Mobile Devices",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "SMR Jul-2026 Release in Android 14, 15, 16",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Incorrect default permissions in WLAN security prior to SMR Jul-2026 Release 1 allows local attackers to configure TencentWifiSecurity settings."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-276: Incorrect Default Permissions",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T04:58:13.915Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=07"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2026-21051",
        "datePublished": "2026-07-10T04:58:13.915Z",
        "dateReserved": "2025-12-11T01:33:35.819Z",
        "dateUpdated": "2026-07-10T11:45:14.827Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21050 (GCVE-0-2026-21050)

    Vulnerability from cvelistv5 – Published: 2026-07-10 04:58 – Updated: 2026-07-10 04:58
    VLAI
    Summary
    Improper access control in SmartThingsKit prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information.
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Mobile Devices Unaffected: SMR Jul-2026 Release in Android 16 , < * (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Mobile Devices",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "SMR Jul-2026 Release in Android 16",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper access control in SmartThingsKit prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T04:58:12.835Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=07"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2026-21050",
        "datePublished": "2026-07-10T04:58:12.835Z",
        "dateReserved": "2025-12-11T01:33:35.817Z",
        "dateUpdated": "2026-07-10T04:58:12.835Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21049 (GCVE-0-2026-21049)

    Vulnerability from cvelistv5 – Published: 2026-07-10 04:58 – Updated: 2026-07-10 12:18
    VLAI
    Summary
    Out-of-bounds write in libpadm.so library prior to SMR Jul-2026 Release 1 allows local attackers to execute arbitrary code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Mobile Devices Unaffected: SMR Jul-2026 Release in Android 14, 15, 16 , < * (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-21049",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T12:18:02.233830Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T12:18:10.884Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Mobile Devices",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "SMR Jul-2026 Release in Android 14, 15, 16",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Out-of-bounds write in libpadm.so library prior to SMR Jul-2026 Release 1 allows local attackers to execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T04:58:11.656Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=07"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2026-21049",
        "datePublished": "2026-07-10T04:58:11.656Z",
        "dateReserved": "2025-12-11T01:33:35.817Z",
        "dateUpdated": "2026-07-10T12:18:10.884Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21048 (GCVE-0-2026-21048)

    Vulnerability from cvelistv5 – Published: 2026-07-10 04:58 – Updated: 2026-07-10 04:58
    VLAI
    Summary
    Out-of-bounds write in parsing DNG format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Mobile Devices Unaffected: SMR Jul-2026 Release in Android 14, 15, 16 , < * (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Mobile Devices",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "SMR Jul-2026 Release in Android 14, 15, 16",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Out-of-bounds write in parsing DNG format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T04:58:10.507Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=07"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2026-21048",
        "datePublished": "2026-07-10T04:58:10.507Z",
        "dateReserved": "2025-12-11T01:33:35.817Z",
        "dateUpdated": "2026-07-10T04:58:10.507Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21046 (GCVE-0-2026-21046)

    Vulnerability from cvelistv5 – Published: 2026-07-10 04:58 – Updated: 2026-07-10 12:22
    VLAI
    Summary
    Time-of-check time-of-use race condition in fabricKeymaster trustlet prior to SMR Jul-2026 Release 1 allows local privileged attackers to execute arbitrary code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Mobile Devices Unaffected: SMR Jul-2026 Release in Android 14, 15, 16 , < * (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-21046",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-10T12:22:30.313712Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T12:22:37.861Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Mobile Devices",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "SMR Jul-2026 Release in Android 14, 15, 16",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Time-of-check time-of-use race condition in fabricKeymaster trustlet prior to SMR Jul-2026 Release 1 allows local privileged attackers to execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "privilegesRequired": "HIGH",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-367 Time-of-check time-of-use (TOCTOU) race condition",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T04:58:09.129Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=07"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2026-21046",
        "datePublished": "2026-07-10T04:58:09.129Z",
        "dateReserved": "2025-12-11T01:33:35.816Z",
        "dateUpdated": "2026-07-10T12:22:37.861Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-21045 (GCVE-0-2026-21045)

    Vulnerability from cvelistv5 – Published: 2026-07-10 04:58 – Updated: 2026-07-10 04:58
    VLAI
    Summary
    Out-of-bounds write in parsing TIFF format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Mobile Devices Unaffected: SMR Jul-2026 Release in Android 14, 15, 16 , < * (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Mobile Devices",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "SMR Jul-2026 Release in Android 14, 15, 16",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Out-of-bounds write in parsing TIFF format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T04:58:07.917Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=07"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2026-21045",
        "datePublished": "2026-07-10T04:58:07.917Z",
        "dateReserved": "2025-12-11T01:33:35.816Z",
        "dateUpdated": "2026-07-10T04:58:07.917Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }