Skip to main content

Jwt Attack CVE-2026-21002

| EUVDEUVD-2026-12321 MEDIUM
Improper Verification of Cryptographic Signature (CWE-347)
2026-03-16 SamsungMobile
5.9
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.9 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
EUVD ID Assigned
Mar 16, 2026 - 05:00 euvd
EUVD-2026-12321
Analysis Generated
Mar 16, 2026 - 05:00 vuln.today
CVE Published
Mar 16, 2026 - 04:32 nvd
MEDIUM 5.9

DescriptionCVE.org

Improper verification of cryptographic signature in Galaxy Store prior to version 4.6.03.8 allows local attacker to install arbitrary application.

AnalysisAI

Galaxy Store prior to version 4.6.03.8 contains an improper cryptographic signature verification vulnerability that allows a local attacker to install arbitrary applications without proper authorization. An attacker with physical or local access to a device can bypass the signature validation mechanism, enabling installation of malicious or unauthorized apps. While the CVSS score of 5.9 is moderate, the integrity impact is high, making this a meaningful threat to device security and app ecosystem integrity.

Technical ContextAI

This vulnerability exists in the cryptographic signature verification mechanism of Samsung Galaxy Store, the primary application distribution platform for Samsung Android devices. The root cause falls under improper cryptographic signature verification, where the application installer fails to properly validate digital signatures on application packages before installation. The affected component is responsible for authenticating application provenance and integrity through PKI-based signature schemes. Samsung Galaxy Store versions prior to 4.6.03.8 (CPE identifier likely cpe:2.3:a:samsung:galaxy_store) contain flawed validation logic that does not adequately verify signatures against trusted certificate authorities or allows signature verification to be bypassed through local manipulation. This is a classic implementation flaw in cryptographic controls where the validation checks are either incomplete, can be circumvented, or are performed at the wrong stage of the installation pipeline.

RemediationAI

Update Samsung Galaxy Store to version 4.6.03.8 or later immediately. This patch addresses the improper signature verification flaw and restores the integrity of the application installation process. Users should enable automatic updates for Galaxy Store if available through Samsung settings or manually check for updates via the Galaxy Store app itself or Samsung Members app. As an interim control pending patching, restrict local user account creation on shared devices, disable installation from unknown sources if not required, and review installed applications for suspicious or unexpected entries. Device administrators managing Samsung devices in enterprise environments should use Samsung Knox and Mobile Device Management (MDM) solutions to enforce app whitelisting and restrict Galaxy Store access to validated catalogs.

CVE-2013-3900 MEDIUM
5.5 Dec 11

Why is Microsoft republishing a CVE from 2013? We are republishing CVE-2013-3900 in the Security Update Guide to update

CVE-2026-48558 CRITICAL POC
9.5 Jun 12

Authentication bypass in SimpleHelp 5.5.15 and prior (plus 6.0 pre-release builds) allows remote unauthenticated attacke

CVE-2025-59718 CRITICAL
9.8 Dec 09

Authentication bypass in Fortinet FortiOS, FortiProxy, and FortiSwitchManager allows unauthenticated remote attackers to

CVE-2025-25291 CRITICAL POC
9.3 Mar 12

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Rated critical severity (CVS

CVE-2025-25292 CRITICAL POC
9.3 Mar 12

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Rated critical severity (CVS

CVE-2022-25898 CRITICAL POC
9.8 Jul 01

The package jsrsasign before 10.5.25 are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT

CVE-2024-42004 CRITICAL POC
9.8 Dec 18

A library injection vulnerability exists in Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. Rated criti

CVE-2024-41145 CRITICAL POC
9.8 Dec 18

A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams (work or school) 24046.2813.27

CVE-2024-41138 CRITICAL POC
9.8 Dec 18

A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams (work

CVE-2024-45409 CRITICAL POC
9.8 Sep 10

The Ruby SAML library is for implementing the client side of a SAML authorization. Rated critical severity (CVSS 9.8), t

CVE-2022-35929 CRITICAL POC
9.8 Aug 04

cosign is a container signing and verification utility. Rated critical severity (CVSS 9.8), this vulnerability is remote

CVE-2022-31053 CRITICAL POC
9.8 Jun 13

Biscuit is an authentication and authorization token for microservices architectures. Rated critical severity (CVSS 9.8)

Share

CVE-2026-21002 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy