Severity by source
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
Exposure of sensitive information in S Share prior to SMR Apr-2026 Release 1 allows adjacent attacker to access sensitive information.
AnalysisAI
Samsung Mobile S Share application prior to the April 2026 SMR Release 1 exposes sensitive information to adjacent network attackers without requiring authentication, achieved through a low-complexity attack requiring only user interaction. The vulnerability has a CVSS 5.1 score reflecting limited confidentiality impact over an adjacent network, and is addressed in the April 2026 security patch release.
Technical ContextAI
S Share is a Samsung Mobile file-sharing application that operates on local network protocols accessible to adjacent attackers (devices on the same network segment). The vulnerability stems from insufficient access controls or improper data protection mechanisms in the application's information handling routines prior to the April 2026 SMR patch. The CVSS vector indicates an adjacent attack vector (AV:A) with low complexity (AC:L), no timing constraints (AT:N), and no special privileges required (PR:N), though user interaction is necessary (UI:P). The impact is restricted to confidentiality loss (VC:L) with no integrity or availability impact. The affected product classification spans Samsung Mobile devices across all versions prior to the April 2026 update, as indicated by the CPE wildcard pattern for samsung_mobile:samsung_mobile_devices.
RemediationAI
Update Samsung Mobile devices to the April 2026 SMR Release 1 patch or later, which addresses the S Share information exposure vulnerability. Check the Samsung Mobile security update portal at https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=04 for device-specific patch availability and installation instructions. As a temporary mitigation prior to patching, restrict S Share usage on untrusted networks, disable S Share when not in active use, and ensure devices are connected only to trusted Wi-Fi networks (not open or guest networks). Consider disabling Wi-Fi and relying on cellular connectivity for sensitive operations until patched.
More in Samsung Mobile Devices
View allLocal privilege escalation in Samsung Galaxy Watch allows unprivileged local attackers to execute arbitrary code with sy
Incorrect privilege assignment in the Telephony component of Samsung Mobile devices prior to SMR Jun-2026 Release 1 perm
Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local attackers to acce
Insufficient verification of data authenticity in PackageManagerService prior to SMR Mar-2026 Release 1 allows local att
Out-of-bounds write in SveService prior to SMR May-2026 Release 1 allows local privileged attackers to execute arbitrary
External control of file name in Samsung AODManager prior to April 2026 SMR Release 1 allows privileged local attackers
Incorrect default permissions in FactoryCamera prior to SMR May-2026 Release 1 allows local attacker to access unique id
Improper input validation in Samsung Mobile Retail Mode prior to SMR April 2026 Release 1 allows local attackers with li
Bluetooth maintenance mode in Samsung Mobile devices prior to April 2026 SMR Release 1 permits physical attackers to byp
Improper input validation in Samsung Mobile devices prior to SMR April 2026 Release 1 allows physical attackers to bypas
Improper authorization in Samsung's AppBlock application on Android 15 and 16 devices allows a local, low-privileged att
Improper input validation in Routines prior to SMR May-2026 Release 1 allows physical attackers to launch privileged act
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-21860
GHSA-hgj3-xj27-6wfp