Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Local access and high privileges required per description; confidentiality-only impact with no scope change or integrity/availability effect.
Primary rating from Vendor (samsung).
CVSS VectorVendor: samsung
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
Path traversal in Wallpaper service prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system server privilege.
AnalysisAI
Path traversal in Samsung Mobile's Wallpaper service exposes arbitrary files readable under the system server privilege to local privileged attackers. Affected devices run Android 14, 15, and 16 with firmware prior to the SMR Jul-2026 Release 1. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires local, authenticated access to the device with high OS-level privileges (PR:H per CVSS 4.0 vector). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The real-world risk is moderate and well-bounded by the attack prerequisites. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has already obtained a high-privilege local foothold on a Samsung device - for example, through a separate privilege-escalation exploit or a malicious privileged application - crafts a path traversal payload targeting the Wallpaper service API. By supplying a path such as '../../data/system/accounts.db' or similar, the attacker reads files owned by or accessible to the system server process, exfiltrating sensitive credentials or application state. … |
| Remediation | Apply Samsung SMR Jul-2026 Release 1, which is the vendor-confirmed fix for Android 14, 15, and 16. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42814
GHSA-xw53-mwm6-gh7q