Samsung CVE-2026-21006

Q: What is the CVSS score of CVE-2026-21006?

CVE-2026-21006 has a CVSS 4.0 base score of 4.7 (Medium). CVSS vector: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-21856 MEDIUM

2026-04-13 SamsungMobile

GHSA-h9qc-47v9-vqv2

Information Disclosure Samsung

4.7

CVSS 4.0

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Physical

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Apr 13, 2026 - 06:28 vuln.today

CVSS changed

Apr 13, 2026 - 06:22 NVD

4.7 (MEDIUM)

EUVD ID Assigned

Apr 13, 2026 - 06:15 euvd

EUVD-2026-21856

Analysis Generated

Apr 13, 2026 - 06:15 vuln.today

CVE Published

Apr 13, 2026 - 05:04 nvd

MEDIUM 4.7

DescriptionNVD

Improper access control in Samsung DeX prior to SMR Apr-2026 Release 1 allows physical attackers to access to hidden notification contents.

AnalysisAI

Samsung DeX prior to the April 2026 Release 1 update contains improper access control that allows physical attackers to access hidden notification contents on affected Samsung mobile devices. The vulnerability requires direct physical access to the device but carries high scope and information integrity impact due to potential exposure of sensitive notification data. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory