Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (SamsungMobile).
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
Improper export of android application components in Galaxy Editing Service prior to SMR Jun-2026 Release 1 allows local attacker to execute privileged operations.
AnalysisAI
Improper Android component export in Samsung's Galaxy Editing Service exposes privileged operations to local, low-privileged attackers on Android 14, 15, and 16 devices prior to SMR Jun-2026 Release 1. A malicious app installed on the device can directly invoke these exported components - bypassing intended permission controls - to execute operations with elevated privileges, resulting in high integrity impact on the vulnerable system. No public exploit identified at time of analysis and this vulnerability is not listed in the CISA KEV catalog.
Technical ContextAI
Android application components - Activities, Services, BroadcastReceivers, and ContentProviders - can be declared as exported in an app's AndroidManifest.xml, making them accessible to any other app on the device. When exported components lack proper permission enforcement (e.g., missing signature-level permission checks or missing intent validation), any co-resident app can send crafted Intents to invoke them. Galaxy Editing Service, a privileged Samsung system service on Galaxy devices (CPE: cpe:2.3:a:samsung_mobile:samsung_mobile_devices:*:*:*:*:*:*:*:*), exposes one or more such components without adequate access control. CWE is listed as N/A in the source data, though the vulnerability pattern is architecturally consistent with CWE-926 (Improper Export of Android Application Components). The CVSS 4.0 vector (AV:L/AC:L/AT:N/PR:L/UI:N) confirms local attack surface with low complexity and no special attack requirements beyond low-privilege app execution.
RemediationAI
Apply the vendor-released patch included in SMR Jun-2026 Release 1, which addresses the improper component export in Galaxy Editing Service across Android 14, 15, and 16. Samsung typically distributes SMR updates via OTA through device Settings > Software Update; enterprise deployments using Samsung Knox Mobile Enrollment or EMM solutions (e.g., Microsoft Intune, VMware Workspace ONE) should push the June 2026 firmware update through their MDM policy. The full advisory is available at https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=06. If immediate patching is not feasible, a compensating control is to restrict sideloading on managed devices (disable 'Install unknown apps' via MDM policy), which limits an attacker's ability to deliver the malicious app needed to invoke the exported components - note this does not eliminate risk from apps already installed or distributed via the Play Store if they carry exploit payloads. Restricting device enrollment to trusted, managed app catalogs further reduces exposure.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-34801
GHSA-h2jf-5w74-2mg5