Improper Export of Android Application Components in Secure Folder by Samsung
CVE-2026-20990

8.4HIGH

Key Information:

Vendor: Samsung
Status: Samsung Devices
Vendor: CVE Published:; 16 March 2026

What is CVE-2026-20990?

An improper export vulnerability in Samsung's Secure Folder prior to the SMR March 2026 Release 1 enables local attackers to exploit application components. By leveraging this flaw, attackers are capable of launching arbitrary activities with Secure Folder privileges, potentially compromising sensitive data and operations within the app.

Affected Version(s)

Samsung Mobile Devices SMR Mar-2026 Release in Android 14, 15, 16

References

https://security.samsungmobile.com/securityUpdate.smsb?ye...

CVSS V4

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 16, 2026
Vulnerability Reserved
Dec 11, 2025

CVE-2026-20990 Data

JSON