Skip to main content

Galaxy Editing Service CVE-2026-21029

| EUVDEUVD-2026-34801 MEDIUM
2026-06-05 SamsungMobile GHSA-h2jf-5w74-2mg5
6.8
CVSS 4.0 · NVD
Share

Severity by source

Vendor (SamsungMobile) PRIMARY
MEDIUM
qualitative
NVD
6.8 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (SamsungMobile).

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
Analysis Generated
Jun 05, 2026 - 13:34 vuln.today
CVSS changed
Jun 05, 2026 - 11:22 NVD
6.8 (MEDIUM)
CVE Published
Jun 05, 2026 - 10:15 nvd
MEDIUM 6.8
CVE Published
Jun 05, 2026 - 10:15 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

Improper export of android application components in Galaxy Editing Service prior to SMR Jun-2026 Release 1 allows local attacker to execute privileged operations.

AnalysisAI

Improper Android component export in Samsung's Galaxy Editing Service exposes privileged operations to local, low-privileged attackers on Android 14, 15, and 16 devices prior to SMR Jun-2026 Release 1. A malicious app installed on the device can directly invoke these exported components - bypassing intended permission controls - to execute operations with elevated privileges, resulting in high integrity impact on the vulnerable system. No public exploit identified at time of analysis and this vulnerability is not listed in the CISA KEV catalog.

Technical ContextAI

Android application components - Activities, Services, BroadcastReceivers, and ContentProviders - can be declared as exported in an app's AndroidManifest.xml, making them accessible to any other app on the device. When exported components lack proper permission enforcement (e.g., missing signature-level permission checks or missing intent validation), any co-resident app can send crafted Intents to invoke them. Galaxy Editing Service, a privileged Samsung system service on Galaxy devices (CPE: cpe:2.3:a:samsung_mobile:samsung_mobile_devices:*:*:*:*:*:*:*:*), exposes one or more such components without adequate access control. CWE is listed as N/A in the source data, though the vulnerability pattern is architecturally consistent with CWE-926 (Improper Export of Android Application Components). The CVSS 4.0 vector (AV:L/AC:L/AT:N/PR:L/UI:N) confirms local attack surface with low complexity and no special attack requirements beyond low-privilege app execution.

RemediationAI

Apply the vendor-released patch included in SMR Jun-2026 Release 1, which addresses the improper component export in Galaxy Editing Service across Android 14, 15, and 16. Samsung typically distributes SMR updates via OTA through device Settings > Software Update; enterprise deployments using Samsung Knox Mobile Enrollment or EMM solutions (e.g., Microsoft Intune, VMware Workspace ONE) should push the June 2026 firmware update through their MDM policy. The full advisory is available at https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=06. If immediate patching is not feasible, a compensating control is to restrict sideloading on managed devices (disable 'Install unknown apps' via MDM policy), which limits an attacker's ability to deliver the malicious app needed to invoke the exported components - note this does not eliminate risk from apps already installed or distributed via the Play Store if they carry exploit payloads. Restricting device enrollment to trusted, managed app catalogs further reduces exposure.

Share

CVE-2026-21029 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy