Improper Condition Check in Samsung Mobile Recents Allows App Pin Bypass
CVE-2026-21009

4.1MEDIUM

Key Information:

Vendor: Samsung
Status: Samsung Devices
Vendor: CVE Published:; 13 April 2026

What is CVE-2026-21009?

A flaw in the Samsung Mobile Recents app prior to the SMR Apr-2026 Release 1 permits a physical attacker to bypass app pinning mechanisms. This improper check for exceptional conditions could allow an unauthorized user to access sensitive applications on compromised devices, potentially leading to unauthorized data access or manipulation.

Affected Version(s)

Samsung Mobile Devices SMR Apr-2026 Release in Android 14, 15, 16

References

https://security.samsungmobile.com/securityUpdate.smsb?ye...

CVSS V4

Score:

4.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Physical

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 13, 2026
Vulnerability Reserved
Dec 11, 2025

CVE-2026-21009 Data

JSON