DNA View

CVE-2026-21009

Medium

Low Medium High Critical

6.8

CVSS Score

Published: Apr 13, 2026

Last Modified: Apr 15, 2026

CWE: CWE-754

Vulnerability Description

Improper check for exceptional conditions in Recents prior to SMR Apr-2026 Release 1 allows physical attacker to bypass App Pinning.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Known Affected Software

3 configuration(s) from 1 vendor(s)

android

Version:

15.0

CPE:

cpe:2.3:o:samsung:android:15.0:smr-nov-2025-r1:*:*:*:*:*:*

android

Version:

16.0

CPE:

cpe:2.3:o:samsung:android:16.0:smr-nov-2025-r1:*:*:*:*:*:*

android

Version:

14.0

CPE:

cpe:2.3:o:samsung:android:14.0:smr-nov-2025-r1:*:*:*:*:*:*

This vulnerability affects 3 software configuration(s). Ensure you patch all affected systems.

References & Resources

https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=04
mobile.security@samsung.com Vendor Advisory

Severity Details

6.8

out of 10.0

Medium

Weakness Type (CWE)

CWE-754

Improper Check for Unusual or Exceptional Conditions

Description: The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.
Exploit Likelihood: Medium
Typical Severity: High
Abstraction Level: Class