Improper Privilege Management in Samsung Settings
CVE-2026-20979

8.4HIGH

Key Information:

Vendor: Samsung
Status: Samsung Devices
Vendor: CVE Published:; 4 February 2026

What is CVE-2026-20979?

An improper privilege management issue in Samsung Settings prior to SMR Feb-2026 Release 1 allows local attackers to exploit this vulnerability. By leveraging the settings privilege, attackers can execute arbitrary activities within the application, posing a risk to overall system security. Users running the affected versions should update promptly to mitigate potential security threats.

Affected Version(s)

Samsung Mobile Devices SMR Feb-2026 Release in Android 15, 16

References

https://security.samsungmobile.com/securityUpdate.smsb?ye...

CVSS V4

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 4, 2026
Vulnerability Reserved
Dec 11, 2025

CVE-2026-20979 Data

JSON