Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (SamsungMobile).
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
Improper access control in AuditLogService prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information.
AnalysisAI
Improper access control in the AuditLogService component of Samsung Mobile Devices running Android 16 exposes sensitive audit log information to local attackers. The flaw, disclosed and patched by Samsung Mobile as part of their June 2026 Security Maintenance Release (SMR Jun-2026 Release 1), enables a local attacker without special privileges to both read and potentially modify sensitive data surfaced by the audit logging subsystem. No public exploit code has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.
Technical ContextAI
AuditLogService is a privileged system service within the Samsung Android software stack, responsible for recording and managing audit log events on the device. The vulnerability stems from improper access control - specifically, the service fails to adequately restrict which calling contexts or user-space processes can interact with or retrieve audit data it manages. The CPE (cpe:2.3:a:samsung_mobile:samsung_mobile_devices:*:*:*:*:*:*:*:*) broadly covers Samsung Mobile Devices without pinning to a specific hardware model, indicating the issue is in Samsung's Android software layer rather than device firmware. No CWE identifier was assigned in the provided data, but the behavioral description maps conceptually to CWE-284 (Improper Access Control) or CWE-732 (Incorrect Permission Assignment for Critical Resource). The CVSS 4.0 vector (AV:L/AC:L/AT:N/PR:N/UI:N) confirms local, low-complexity exploitation requiring no prior privileges or user interaction.
RemediationAI
Apply the Samsung Security Maintenance Release SMR Jun-2026 Release 1 for Android 16, which contains the fix for this vulnerability as confirmed by Samsung Mobile and documented under EUVD-2026-34800. Users and enterprise administrators should ensure devices are updated to this release or later via OTA update or device management policy. The Samsung Mobile Security Advisory at https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=06 should be consulted for exact build identifiers and device-specific rollout timelines. As a compensating control prior to patching, organizations with mobile device management (MDM) solutions should audit which applications hold permissions enabling local service interaction, and consider restricting sideloaded or untrusted application installation to reduce the local attacker foothold prerequisite. No workaround that eliminates the vulnerability without patching has been identified from available data.
More in Samsung Mobile Devices
View allLocal privilege escalation in Samsung Galaxy Watch allows unprivileged local attackers to execute arbitrary code with sy
Incorrect privilege assignment in the Telephony component of Samsung Mobile devices prior to SMR Jun-2026 Release 1 perm
Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local attackers to acce
Insufficient verification of data authenticity in PackageManagerService prior to SMR Mar-2026 Release 1 allows local att
Out-of-bounds write in SveService prior to SMR May-2026 Release 1 allows local privileged attackers to execute arbitrary
External control of file name in Samsung AODManager prior to April 2026 SMR Release 1 allows privileged local attackers
Incorrect default permissions in FactoryCamera prior to SMR May-2026 Release 1 allows local attacker to access unique id
Improper input validation in Samsung Mobile Retail Mode prior to SMR April 2026 Release 1 allows local attackers with li
Bluetooth maintenance mode in Samsung Mobile devices prior to April 2026 SMR Release 1 permits physical attackers to byp
Improper input validation in Samsung Mobile devices prior to SMR April 2026 Release 1 allows physical attackers to bypas
Improper authorization in Samsung's AppBlock application on Android 15 and 16 devices allows a local, low-privileged att
Improper input validation in Routines prior to SMR May-2026 Release 1 allows physical attackers to launch privileged act
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-34800
GHSA-v9qf-4h48-3vcg