Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
Improper authorization in AppBlock prior to SMR Jun-2026 Release 1 allows local attacker to launch arbitrary activity. User interaction is required for triggering this vulnerability.
AnalysisAI
Improper authorization in Samsung's AppBlock application on Android 15 and 16 devices allows a local, low-privileged attacker to launch arbitrary Android Activities without proper permission checks. Exploitation requires passive user interaction (CVSS 4.0 UI:P) and local device access, but the confidentiality impact on the vulnerable system is rated High (VC:H), consistent with the reported Information Disclosure tag. No public exploit code exists and the vulnerability is not listed in CISA's KEV catalog at time of analysis; Samsung has released a patch in SMR Jun-2026 Release 1.
Technical ContextAI
AppBlock is a Samsung-developed application management feature present on Samsung Mobile Devices. The vulnerability arises from an authorization control failure in how AppBlock manages Activity launching - a fundamental Android component interaction mechanism. When an Android application improperly exports Activities or fails to enforce permission checks on Intent-driven launches, low-privileged local apps can invoke those Activities outside their intended context. This class of flaw aligns with improper authorization patterns (no CWE is formally assigned in the NVD entry, though CWE-285 Improper Authorization or CWE-926 Improper Export of Android Application Components would be applicable). The affected CPE is cpe:2.3:a:samsung_mobile:samsung_mobile_devices:*:*:*:*:*:*:*:*, covering the full Samsung Mobile Devices product line running Android 15 and 16 prior to the June 2026 SMR patch.
RemediationAI
Apply Samsung's SMR Jun-2026 Release 1 security update, which resolves this vulnerability on Android 15 and Android 16 devices. Update instructions and confirmation of the patched release are provided in Samsung's official security bulletin at https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=06. For enterprise deployments managed via Samsung Knox, administrators should prioritize pushing this monthly security update to affected device fleets. As a compensating control prior to patching, restrict installation of untrusted or sideloaded applications on managed devices, as exploitation requires a low-privileged malicious app to be present locally - this reduces the attack surface without eliminating the underlying flaw. Blocking unknown sources in device policy is actionable via Knox MDM but may impact legitimate app distribution workflows.
More in Samsung Mobile Devices
View allLocal privilege escalation in Samsung Galaxy Watch allows unprivileged local attackers to execute arbitrary code with sy
Incorrect privilege assignment in the Telephony component of Samsung Mobile devices prior to SMR Jun-2026 Release 1 perm
Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local attackers to acce
Insufficient verification of data authenticity in PackageManagerService prior to SMR Mar-2026 Release 1 allows local att
Out-of-bounds write in SveService prior to SMR May-2026 Release 1 allows local privileged attackers to execute arbitrary
External control of file name in Samsung AODManager prior to April 2026 SMR Release 1 allows privileged local attackers
Incorrect default permissions in FactoryCamera prior to SMR May-2026 Release 1 allows local attacker to access unique id
Improper input validation in Samsung Mobile Retail Mode prior to SMR April 2026 Release 1 allows local attackers with li
Bluetooth maintenance mode in Samsung Mobile devices prior to April 2026 SMR Release 1 permits physical attackers to byp
Improper input validation in Samsung Mobile devices prior to SMR April 2026 Release 1 allows physical attackers to bypas
Improper input validation in Routines prior to SMR May-2026 Release 1 allows physical attackers to launch privileged act
Samsung Mobile S Share application prior to the April 2026 SMR Release 1 exposes sensitive information to adjacent netwo
Same weakness CWE-863 – Incorrect Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-34803
GHSA-7p4c-vmfg-g296