Improper Input Validation Vulnerability in Galaxy Watch by Samsung
CVE-2026-21019

8.9HIGH

Key Information:

Vendor: Samsung
Status: Samsung Devices
Vendor: CVE Published:; 13 May 2026

What is CVE-2026-21019?

An improper input validation flaw in the FacAtFunction of Galaxy Watch models prior to the SMR May-2026 Release 1 enables a local attacker to execute arbitrary code with system privileges, potentially compromising the device and user data. This vulnerability warrants immediate attention to mitigate risks associated with unauthorized access and control.

Affected Version(s)

Samsung Mobile Devices SMR May-2026 Release in Android Watch 14, 16

References

https://security.samsungmobile.com/securityUpdate.smsb?ye...

CVSS V4

Score:

8.9

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2026
Vulnerability Reserved
Dec 11, 2025

CVE-2026-21019 Data

JSON