Improper Access Control in Samsung DeX by Samsung
CVE-2026-21006

4.7MEDIUM

Key Information:

Vendor: Samsung
Status: Samsung Devices
Vendor: CVE Published:; 13 April 2026

What is CVE-2026-21006?

The vulnerability in Samsung DeX prior to the April 2026 release allows physical attackers to exploit improper access control mechanisms. This flaw could enable unauthorized users to access hidden notification contents, posing a potential security risk for users. It is essential to update to the latest version provided in the security release to mitigate this risk.

Affected Version(s)

Samsung Mobile Devices SMR Apr-2026 Release in Android 15

References

https://security.samsungmobile.com/securityUpdate.smsb?ye...

CVSS V4

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Physical

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 13, 2026
Vulnerability Reserved
Dec 11, 2025

CVE-2026-21006 Data

JSON