Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
External control of file name in AODManager prior to SMR Apr-2026 Release 1 allows privileged local attacker to create file with system privilege.
AnalysisAI
External control of file name in Samsung AODManager prior to April 2026 SMR Release 1 allows privileged local attackers to create files with system privileges, potentially leading to privilege escalation or system compromise. The vulnerability requires high-level local privileges and affects Samsung Mobile devices through a path traversal or file name manipulation flaw in the AODManager component. No public exploit code has been identified at the time of analysis.
Technical ContextAI
AODManager is a Samsung system component responsible for managing Always-On Display functionality in Samsung Mobile devices. The vulnerability stems from improper validation of file name inputs, allowing an attacker with high-level local privileges to bypass file creation restrictions and write files with elevated system privileges. This is a classic external control of file name vulnerability (path traversal or insecure temporary file creation variant), where user-supplied or attacker-controlled input is used directly in file operations without proper sanitization. The flaw exists in the system-level service that handles display management operations, making it particularly dangerous as it operates with system-level context.
RemediationAI
Users should apply the Samsung Security Maintenance Release for April 2026 Release 1 or later, which contains the fix for the AODManager external file name control vulnerability. This update should be applied to all affected Samsung Mobile devices as soon as it becomes available. The patch can be obtained through Samsung's official security update portal at https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=04. No interim workarounds are applicable given the system-level nature of the AODManager component; patching is the primary remediation path. Users with devices not yet eligible for the April 2026 SMR should monitor Samsung's security advisory for their specific device model's update timeline.
More in Samsung Mobile Devices
View allLocal privilege escalation in Samsung Galaxy Watch allows unprivileged local attackers to execute arbitrary code with sy
Incorrect privilege assignment in the Telephony component of Samsung Mobile devices prior to SMR Jun-2026 Release 1 perm
Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local attackers to acce
Insufficient verification of data authenticity in PackageManagerService prior to SMR Mar-2026 Release 1 allows local att
Out-of-bounds write in SveService prior to SMR May-2026 Release 1 allows local privileged attackers to execute arbitrary
Incorrect default permissions in FactoryCamera prior to SMR May-2026 Release 1 allows local attacker to access unique id
Improper input validation in Samsung Mobile Retail Mode prior to SMR April 2026 Release 1 allows local attackers with li
Bluetooth maintenance mode in Samsung Mobile devices prior to April 2026 SMR Release 1 permits physical attackers to byp
Improper input validation in Samsung Mobile devices prior to SMR April 2026 Release 1 allows physical attackers to bypas
Improper authorization in Samsung's AppBlock application on Android 15 and 16 devices allows a local, low-privileged att
Improper input validation in Routines prior to SMR May-2026 Release 1 allows physical attackers to launch privileged act
Samsung Mobile S Share application prior to the April 2026 SMR Release 1 exposes sensitive information to adjacent netwo
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-21868
GHSA-ff89-7r94-6q4q