Skip to main content

Samsung AppBlock CVE-2026-21031

| EUVDEUVD-2026-34803 MEDIUM
Incorrect Authorization (CWE-863)
2026-06-05 SamsungMobile GHSA-7p4c-vmfg-g296
5.2
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.2 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
P
Scope
X

Lifecycle Timeline

3
Analysis Generated
Jun 05, 2026 - 13:33 vuln.today
CVSS changed
Jun 05, 2026 - 11:22 NVD
5.2 (MEDIUM)
CVE Published
Jun 05, 2026 - 10:15 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

Improper authorization in AppBlock prior to SMR Jun-2026 Release 1 allows local attacker to launch arbitrary activity. User interaction is required for triggering this vulnerability.

AnalysisAI

Improper authorization in Samsung's AppBlock application on Android 15 and 16 devices allows a local, low-privileged attacker to launch arbitrary Android Activities without proper permission checks. Exploitation requires passive user interaction (CVSS 4.0 UI:P) and local device access, but the confidentiality impact on the vulnerable system is rated High (VC:H), consistent with the reported Information Disclosure tag. No public exploit code exists and the vulnerability is not listed in CISA's KEV catalog at time of analysis; Samsung has released a patch in SMR Jun-2026 Release 1.

Technical ContextAI

AppBlock is a Samsung-developed application management feature present on Samsung Mobile Devices. The vulnerability arises from an authorization control failure in how AppBlock manages Activity launching - a fundamental Android component interaction mechanism. When an Android application improperly exports Activities or fails to enforce permission checks on Intent-driven launches, low-privileged local apps can invoke those Activities outside their intended context. This class of flaw aligns with improper authorization patterns (no CWE is formally assigned in the NVD entry, though CWE-285 Improper Authorization or CWE-926 Improper Export of Android Application Components would be applicable). The affected CPE is cpe:2.3:a:samsung_mobile:samsung_mobile_devices:*:*:*:*:*:*:*:*, covering the full Samsung Mobile Devices product line running Android 15 and 16 prior to the June 2026 SMR patch.

RemediationAI

Apply Samsung's SMR Jun-2026 Release 1 security update, which resolves this vulnerability on Android 15 and Android 16 devices. Update instructions and confirmation of the patched release are provided in Samsung's official security bulletin at https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=06. For enterprise deployments managed via Samsung Knox, administrators should prioritize pushing this monthly security update to affected device fleets. As a compensating control prior to patching, restrict installation of untrusted or sideloaded applications on managed devices, as exploitation requires a low-privileged malicious app to be present locally - this reduces the attack surface without eliminating the underlying flaw. Blocking unknown sources in device policy is actionable via Knox MDM but may impact legitimate app distribution workflows.

CVE-2026-21019 HIGH
8.6 May 13

Local privilege escalation in Samsung Galaxy Watch allows unprivileged local attackers to execute arbitrary code with sy

CVE-2026-21025 MEDIUM
6.9 Jun 05

Incorrect privilege assignment in the Telephony component of Samsung Mobile devices prior to SMR Jun-2026 Release 1 perm

CVE-2026-21022 MEDIUM
6.9 May 13

Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local attackers to acce

CVE-2026-21023 MEDIUM
6.9 Apr 29

Insufficient verification of data authenticity in PackageManagerService prior to SMR Mar-2026 Release 1 allows local att

CVE-2026-21018 MEDIUM
6.8 May 13

Out-of-bounds write in SveService prior to SMR May-2026 Release 1 allows local privileged attackers to execute arbitrary

CVE-2026-21012 MEDIUM
6.8 Apr 13

External control of file name in Samsung AODManager prior to April 2026 SMR Release 1 allows privileged local attackers

CVE-2026-21015 MEDIUM
6.8 May 13

Incorrect default permissions in FactoryCamera prior to SMR May-2026 Release 1 allows local attacker to access unique id

CVE-2026-21010 MEDIUM
6.6 Apr 13

Improper input validation in Samsung Mobile Retail Mode prior to SMR April 2026 Release 1 allows local attackers with li

CVE-2026-21011 MEDIUM
5.4 Apr 13

Bluetooth maintenance mode in Samsung Mobile devices prior to April 2026 SMR Release 1 permits physical attackers to byp

CVE-2026-21003 MEDIUM
5.2 Apr 13

Improper input validation in Samsung Mobile devices prior to SMR April 2026 Release 1 allows physical attackers to bypas

CVE-2026-21021 MEDIUM
5.1 May 13

Improper input validation in Routines prior to SMR May-2026 Release 1 allows physical attackers to launch privileged act

CVE-2026-21008 MEDIUM
5.1 Apr 13

Samsung Mobile S Share application prior to the April 2026 SMR Release 1 exposes sensitive information to adjacent netwo

Share

CVE-2026-21031 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy