Improper Component Export in OmaCP by Samsung
CVE-2026-21020

5.1MEDIUM

Key Information:

Vendor: Samsung
Status: Samsung Devices
Vendor: CVE Published:; 13 May 2026

What is CVE-2026-21020?

The OmaCP software from Samsung exhibits a vulnerability where improper export of application components can be exploited by local attackers. This flaw provides them with the ability to trigger privileged functions without appropriate authorization. This situation poses a risk to user data integrity and the overall security of the device, making it crucial for users to apply the latest security updates to mitigate potential threats.

Affected Version(s)

Samsung Mobile Devices SMR May-2026 Release in Android 14, 15, 16

References

https://security.samsungmobile.com/securityUpdate.smsb?ye...

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2026
Vulnerability Reserved
Dec 11, 2025

CVE-2026-21020 Data

JSON