File Name Manipulation Vulnerability in AODManager by Samsung
CVE-2026-21012

6.8MEDIUM

Key Information:

Vendor: Samsung
Status: Samsung Devices
Vendor: CVE Published:; 13 April 2026

What is CVE-2026-21012?

An external control vulnerability exists in Samsung's AODManager, allowing a privileged local attacker to manipulate file names. This flaw enables attackers to create files with system privileges, potentially compromising system integrity and security. Users are advised to upgrade to the SMR Apr-2026 Release 1 or later to mitigate the risk associated with this vulnerability.

Affected Version(s)

Samsung Mobile Devices SMR Apr-2026 Release in Android 14, 15, 16

References

https://security.samsungmobile.com/securityUpdate.smsb?ye...

CVSS V4

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 13, 2026
Vulnerability Reserved
Dec 11, 2025

CVE-2026-21012 Data

JSON