Skip to main content

Samsung Mobile Devices CVE-2026-21028

| EUVDEUVD-2026-34800 MEDIUM
2026-06-05 SamsungMobile GHSA-v9qf-4h48-3vcg
5.1
CVSS 4.0 · NVD
Share

Severity by source

Vendor (SamsungMobile) PRIMARY
MEDIUM
qualitative
NVD
5.1 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (SamsungMobile).

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
Jun 05, 2026 - 13:31 vuln.today
CVSS changed
Jun 05, 2026 - 11:22 NVD
5.1 (MEDIUM)
CVE Published
Jun 05, 2026 - 10:15 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

Improper access control in AuditLogService prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information.

AnalysisAI

Improper access control in the AuditLogService component of Samsung Mobile Devices running Android 16 exposes sensitive audit log information to local attackers. The flaw, disclosed and patched by Samsung Mobile as part of their June 2026 Security Maintenance Release (SMR Jun-2026 Release 1), enables a local attacker without special privileges to both read and potentially modify sensitive data surfaced by the audit logging subsystem. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.

Technical ContextAI

AuditLogService is a privileged system service within the Samsung Android software stack, responsible for recording and managing audit log events on the device. The vulnerability stems from improper access control - specifically, the service fails to adequately restrict which calling contexts or user-space processes can interact with or retrieve audit data it manages. The CPE (cpe:2.3:a:samsung_mobile:samsung_mobile_devices:*:*:*:*:*:*:*:*) broadly covers Samsung Mobile Devices without pinning to a specific hardware model, indicating the issue is in Samsung's Android software layer rather than device firmware. No CWE identifier was assigned in the provided data, but the behavioral description maps conceptually to CWE-284 (Improper Access Control) or CWE-732 (Incorrect Permission Assignment for Critical Resource). The CVSS 4.0 vector (AV:L/AC:L/AT:N/PR:N/UI:N) confirms local, low-complexity exploitation requiring no prior privileges or user interaction.

RemediationAI

Apply the Samsung Security Maintenance Release SMR Jun-2026 Release 1 for Android 16, which contains the fix for this vulnerability as confirmed by Samsung Mobile and documented under EUVD-2026-34800. Users and enterprise administrators should ensure devices are updated to this release or later via OTA update or device management policy. The Samsung Mobile Security Advisory at https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=06 should be consulted for exact build identifiers and device-specific rollout timelines. As a compensating control prior to patching, organizations with mobile device management (MDM) solutions should audit which applications hold permissions enabling local service interaction, and consider restricting sideloaded or untrusted application installation to reduce the local attacker foothold prerequisite. No workaround that eliminates the vulnerability without patching has been identified from available data.

CVE-2026-21019 HIGH
8.6 May 13

Local privilege escalation in Samsung Galaxy Watch allows unprivileged local attackers to execute arbitrary code with sy

CVE-2026-21025 MEDIUM
6.9 Jun 05

Incorrect privilege assignment in the Telephony component of Samsung Mobile devices prior to SMR Jun-2026 Release 1 perm

CVE-2026-21022 MEDIUM
6.9 May 13

Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local attackers to acce

CVE-2026-21023 MEDIUM
6.9 Apr 29

Insufficient verification of data authenticity in PackageManagerService prior to SMR Mar-2026 Release 1 allows local att

CVE-2026-21018 MEDIUM
6.8 May 13

Out-of-bounds write in SveService prior to SMR May-2026 Release 1 allows local privileged attackers to execute arbitrary

CVE-2026-21012 MEDIUM
6.8 Apr 13

External control of file name in Samsung AODManager prior to April 2026 SMR Release 1 allows privileged local attackers

CVE-2026-21015 MEDIUM
6.8 May 13

Incorrect default permissions in FactoryCamera prior to SMR May-2026 Release 1 allows local attacker to access unique id

CVE-2026-21010 MEDIUM
6.6 Apr 13

Improper input validation in Samsung Mobile Retail Mode prior to SMR April 2026 Release 1 allows local attackers with li

CVE-2026-21011 MEDIUM
5.4 Apr 13

Bluetooth maintenance mode in Samsung Mobile devices prior to April 2026 SMR Release 1 permits physical attackers to byp

CVE-2026-21003 MEDIUM
5.2 Apr 13

Improper input validation in Samsung Mobile devices prior to SMR April 2026 Release 1 allows physical attackers to bypas

CVE-2026-21031 MEDIUM
5.2 Jun 05

Improper authorization in Samsung's AppBlock application on Android 15 and 16 devices allows a local, low-privileged att

CVE-2026-21021 MEDIUM
5.1 May 13

Improper input validation in Routines prior to SMR May-2026 Release 1 allows physical attackers to launch privileged act

Share

CVE-2026-21028 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy