CVE-2026-21011

| EUVD-2026-21866 MEDIUM
2026-04-13 SamsungMobile
5.4
CVSS 4.0
Share

CVSS Vector

CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
A
Scope
X

Lifecycle Timeline

2
Analysis Generated
Apr 13, 2026 - 06:29 vuln.today
CVSS Changed
Apr 13, 2026 - 06:22 NVD
5.4 (MEDIUM)

Tags

Authentication Bypass Samsung Mobile Devices

Description

Incorrect privilege assignment in Bluetooth in Maintenance mode prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Extend Unlock.

Analysis

Bluetooth maintenance mode in Samsung Mobile devices prior to April 2026 SMR Release 1 permits physical attackers to bypass Extend Unlock authentication due to incorrect privilege assignment, enabling unauthorized device access without requiring prior authentication. The vulnerability requires physical proximity and user interaction but grants full confidentiality and integrity compromise of the device. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

27
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +27
POC: 0

Share

CVE-2026-21011 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy