Improper Permissions in Samsung Mobile Routines Expose Sensitive Data
CVE-2026-21022

6.9MEDIUM

Key Information:

Vendor: Samsung
Status: Samsung Devices
Vendor: CVE Published:; 13 May 2026

What is CVE-2026-21022?

A vulnerability in Samsung Mobile Routines prior to the SMR May-2026 Release 1 allows local attackers to exploit insufficient permission handling, potentially leading to unauthorized access to sensitive information stored on the device. This security flaw highlights the importance of proper permission management to safeguard user data.

Affected Version(s)

Samsung Mobile Devices SMR May-2026 Release in Android 15, 16

References

https://security.samsungmobile.com/securityUpdate.smsb?ye...

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2026
Vulnerability Reserved
Dec 11, 2025

CVE-2026-21022 Data

JSON