What is the CVSS score of CVE-2026-20986?

CVE-2026-20986 has a CVSS 3.1 base score of 5.5 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N. EPSS exploitation probability: 0.0%.

Which versions of Members are affected by CVE-2026-20986?

Organizations using Samsung Members should be aware of moderate risk from CVE-2026-20986, a path traversal vulnerability rated CVSS 5.5. This could allow unauthorized file access.

Members CVE-2026-20986

MEDIUM

Path Traversal (CWE-22)

2026-02-04 mobile.security@samsung.com

Path Traversal Samsung Members

5.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

CVE Published

Feb 04, 2026 - 07:16 nvd

MEDIUM 5.5

DescriptionNVD

Path traversal in Samsung Members prior to Chinese version 15.5.05.4 allows local attackers to overwrite data within Samsung Members.

AnalysisAI

Samsung Members versions prior to 15.5.05.4 contain a path traversal vulnerability that enables local attackers to overwrite arbitrary data within the application. This vulnerability requires local access and valid user credentials but does not provide read access to sensitive information. …

RemediationAI

Within 30 days: Identify affected systems running Samsung Members and apply vendor patches as part of regular patch cycle. Review file handling controls.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory