Severity by source
AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
Improper input validation in Retail Mode prior to SMR Apr-2026 Release 1 allows local attackers to trigger privileged functions.
AnalysisAI
Improper input validation in Samsung Mobile Retail Mode prior to SMR April 2026 Release 1 allows local attackers with limited privileges to trigger privileged functions, potentially leading to information disclosure and unauthorized modification of device state. The vulnerability requires physical or local access and low-privilege credentials, limiting immediate remote exploitation risk but posing significant concern for retail environments where devices are physically accessible to untrusted parties.
Technical ContextAI
The vulnerability resides in Samsung Mobile's Retail Mode functionality, a special operational state designed for in-store demonstrations and testing. Retail Mode typically operates with elevated privileges to facilitate rapid device configuration and feature showcasing. The improper input validation flaw permits bypass of privilege boundary checks, allowing a local attacker with limited user privileges (PR:L) to invoke functions normally restricted to system or administrative accounts. The root cause is classified under input validation deficiencies, suggesting the Retail Mode subsystem fails to adequately sanitize or validate user-supplied input before processing commands that should require higher privilege levels. The affected CPE encompasses Samsung Mobile devices across all versions prior to the April 2026 Security Maintenance Release (SMR) batch 1.
RemediationAI
Vendor-released patch: Samsung Mobile SMR April 2026 Release 1 and later. Affected users must update their Samsung Mobile devices to the April 2026 SMR patch or a more recent security release. No workarounds are available for this privilege escalation vulnerability; patching is the only remediation path. Users should check Samsung Mobile's security update portal at https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=04 for device-specific patch availability and installation instructions. Organizations managing retail or demo devices should prioritize patching to prevent unauthorized access to sensitive device configuration and data.
More in Samsung Mobile Devices
View allLocal privilege escalation in Samsung Galaxy Watch allows unprivileged local attackers to execute arbitrary code with sy
Incorrect privilege assignment in the Telephony component of Samsung Mobile devices prior to SMR Jun-2026 Release 1 perm
Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local attackers to acce
Insufficient verification of data authenticity in PackageManagerService prior to SMR Mar-2026 Release 1 allows local att
Out-of-bounds write in SveService prior to SMR May-2026 Release 1 allows local privileged attackers to execute arbitrary
External control of file name in Samsung AODManager prior to April 2026 SMR Release 1 allows privileged local attackers
Incorrect default permissions in FactoryCamera prior to SMR May-2026 Release 1 allows local attacker to access unique id
Bluetooth maintenance mode in Samsung Mobile devices prior to April 2026 SMR Release 1 permits physical attackers to byp
Improper input validation in Samsung Mobile devices prior to SMR April 2026 Release 1 allows physical attackers to bypas
Improper authorization in Samsung's AppBlock application on Android 15 and 16 devices allows a local, low-privileged att
Improper input validation in Routines prior to SMR May-2026 Release 1 allows physical attackers to launch privileged act
Samsung Mobile S Share application prior to the April 2026 SMR Release 1 exposes sensitive information to adjacent netwo
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-21864