Samsung mobile devices
This hub aggregates every CVE we track for Samsung mobile devices, a product in the operating systems space. Use it to gauge the current risk picture and drill into individual advisories.
Operating Systemsfirmware
801
CVEs tracked
7
Critical
140
High
13
In CISA KEV
Severity distribution
MEDIUM570HIGH140LOW84CRITICAL7
Monthly trend
28
17
19
8
14
7
0
17
6
15
13
10
10
8
28
12
4
8
7
7
5
9
6
8
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Samsung mobile devices.
- CVE-2026-21031Improper authorization in AppBlock prior to SMR Jun-2026 Release 1 allows local attacker to launch arbitrary activity. User interaction is required for triggering this vulnerability.7.8
- CVE-2026-21030Improper access control in MediaTek Audio HAL prior to SMR Jun-2026 Release 1 allows local attackers to trigger privileged functions.7.8
- CVE-2026-21029Improper export of android application components in Galaxy Editing Service prior to SMR Jun-2026 Release 1 allows local attacker to execute privileged operations.7.8
- CVE-2026-21028Improper access control in AuditLogService prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information.5.5
- CVE-2026-21027Improper export of android application components in ImsSettings prior to SMR Jun-2026 Release 1 allows local attackers to trigger logging function.3.3
- CVE-2026-21026Improper export of android application components in SpriteWallpaper prior to SMR Jun-2026 Release 1 allows local attackers to access to sensitive information.5.5
- CVE-2026-21025Incorrect privilege assignment in Telephony prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information.5.5
- CVE-2026-21017Improper handling of insufficient privileges in SecTelephonyProvider prior to SMR Jun-2026 Release 1 allows local attackers to access privileged files.5.5
- CVE-2026-21022Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local attackers to access sensitive information.5.5
- CVE-2026-21021Improper input validation in Routines prior to SMR May-2026 Release 1 allows physical attackers to launch privileged activity.6.8
- CVE-2026-21020Improper export of android application components in OmaCP prior to SMR May-2026 Release 1 allows local attackers to trigger privileged functions.7.8
- CVE-2026-21018Out-of-bounds write in SveService prior to SMR May-2026 Release 1 allows local privileged attackers to execute arbitrary code.6.7
- CVE-2026-21016Incorrect privilege assignment in LocationManager prior to SMR May-2026 Release 1 allows local attackers to access sensitive information.5.5
- CVE-2026-21015Incorrect default permissions in FactoryCamera prior to SMR May-2026 Release 1 allows local attacker to access unique identifier.5.5
- CVE-2026-21023Insufficient verification of data authenticity in PackageManagerService prior to SMR Mar-2026 Release 1 allows local attackers to modify the installation restriction of specific application.5.5
Product normalization is registry-driven with AI assist and human review. How it works