Severity by source
CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
Improper check for exceptional conditions in Device Care prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Knox Guard.
AnalysisAI
Device Care in Samsung Mobile devices prior to the April 2026 SMR Release 1 contains an improper exception handling vulnerability that permits physical attackers to bypass Knox Guard authentication enforcement. With a CVSS score of 4.4 and attack vector requiring physical access, this vulnerability poses a localized but serious integrity and confidentiality risk to device security architecture, particularly for devices left unattended or in corporate environments where physical access controls may be compromised.
Technical ContextAI
Device Care is a Samsung system application responsible for device maintenance and optimization; Knox Guard is Samsung's enterprise-grade defense mechanism integrated into the Knox security platform. The vulnerability resides in inadequate validation of exceptional conditions within Device Care's code path, likely in initialization, permission-checking, or state-transition logic that interfaces with Knox Guard's security enforcement layer. The root cause appears to be improper exception handling (CWE categorization not provided) that allows control flow to bypass or skip critical authentication or authorization checks. Physical attack vector combined with the ability to modify authentication state suggests the vulnerability may be triggered through direct hardware manipulation, bootloader-level access, or exploitation of a race condition that requires proximity to the device.
RemediationAI
Device owners and enterprise administrators must update affected Samsung Mobile devices to the April 2026 SMR Release 1 or later as soon as patches become available. Vendor-released patch details including exact firmware versions will be published in Samsung's April 2026 security bulletin accessible at https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=04. Until patching is completed, organizations should enforce strict physical security controls over Samsung devices, including secure storage, locked device cabinets, and restricted access in high-risk environments. Knox Guard remote management features should be leveraged to monitor and enforce compliance posture across device fleets. For devices that cannot be immediately patched due to operational constraints, consider disabling or limiting local physical access pathways if technically feasible (e.g., USB debugging restrictions, bootloader lock enforcement via Knox).
More in Samsung Mobile Devices
View allLocal privilege escalation in Samsung Galaxy Watch allows unprivileged local attackers to execute arbitrary code with sy
Incorrect privilege assignment in the Telephony component of Samsung Mobile devices prior to SMR Jun-2026 Release 1 perm
Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local attackers to acce
Insufficient verification of data authenticity in PackageManagerService prior to SMR Mar-2026 Release 1 allows local att
Out-of-bounds write in SveService prior to SMR May-2026 Release 1 allows local privileged attackers to execute arbitrary
External control of file name in Samsung AODManager prior to April 2026 SMR Release 1 allows privileged local attackers
Incorrect default permissions in FactoryCamera prior to SMR May-2026 Release 1 allows local attacker to access unique id
Improper input validation in Samsung Mobile Retail Mode prior to SMR April 2026 Release 1 allows local attackers with li
Bluetooth maintenance mode in Samsung Mobile devices prior to April 2026 SMR Release 1 permits physical attackers to byp
Improper input validation in Samsung Mobile devices prior to SMR April 2026 Release 1 allows physical attackers to bypas
Improper authorization in Samsung's AppBlock application on Android 15 and 16 devices allows a local, low-privileged att
Improper input validation in Routines prior to SMR May-2026 Release 1 allows physical attackers to launch privileged act
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-21858
GHSA-mfwr-v65c-m55q