Severity by source
CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
Incorrect privilege assignment in Bluetooth in Maintenance mode prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Extend Unlock.
AnalysisAI
Bluetooth maintenance mode in Samsung Mobile devices prior to April 2026 SMR Release 1 permits physical attackers to bypass Extend Unlock authentication due to incorrect privilege assignment, enabling unauthorized device access without requiring prior authentication. The vulnerability requires physical proximity and user interaction but grants full confidentiality and integrity compromise of the device. No public exploit code has been identified at the time of analysis.
Technical ContextAI
The vulnerability resides in Samsung Mobile's Bluetooth stack implementation within maintenance mode functionality. Maintenance mode is a privileged operational state typically used for device diagnostics and service operations. The flaw involves improper privilege elevation or permission checks in the Bluetooth subsystem that fails to enforce proper authentication boundaries when processing Extend Unlock commands. This allows an attacker with physical access to the device and ability to trigger user interaction to assume elevated privileges normally reserved for authenticated users or administrators. The Bluetooth protocol layer does not properly validate privilege contexts before granting access to security-critical unlock mechanisms.
RemediationAI
Patch to Samsung Mobile devices updated with April 2026 SMR Release 1 or later. Users should visit https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=04 to identify their specific device model and download the latest firmware update. Pending patch application, restrict physical device access to trusted individuals, avoid entering maintenance mode on devices in untrusted environments, and ensure Bluetooth is disabled when the device is not in active use. For enterprise deployments, enforce strict physical security controls over devices and consider device management policies that restrict maintenance mode access or disable Bluetooth functionality in high-risk contexts.
More in Samsung Mobile Devices
View allLocal privilege escalation in Samsung Galaxy Watch allows unprivileged local attackers to execute arbitrary code with sy
Incorrect privilege assignment in the Telephony component of Samsung Mobile devices prior to SMR Jun-2026 Release 1 perm
Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local attackers to acce
Insufficient verification of data authenticity in PackageManagerService prior to SMR Mar-2026 Release 1 allows local att
Out-of-bounds write in SveService prior to SMR May-2026 Release 1 allows local privileged attackers to execute arbitrary
External control of file name in Samsung AODManager prior to April 2026 SMR Release 1 allows privileged local attackers
Incorrect default permissions in FactoryCamera prior to SMR May-2026 Release 1 allows local attacker to access unique id
Improper input validation in Samsung Mobile Retail Mode prior to SMR April 2026 Release 1 allows local attackers with li
Improper input validation in Samsung Mobile devices prior to SMR April 2026 Release 1 allows physical attackers to bypas
Improper authorization in Samsung's AppBlock application on Android 15 and 16 devices allows a local, low-privileged att
Improper input validation in Routines prior to SMR May-2026 Release 1 allows physical attackers to launch privileged act
Samsung Mobile S Share application prior to the April 2026 SMR Release 1 exposes sensitive information to adjacent netwo
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-21866