Data Authenticity Weakness in Package Manager Service from Samsung
CVE-2026-21023

6.9MEDIUM

Key Information:

Vendor: Samsung
Status: Samsung Devices
Vendor: CVE Published:; 29 April 2026

What is CVE-2026-21023?

A vulnerability exists in the PackageManagerService prior to the SMR Mar-2026 Release 1 in Samsung devices that allows local attackers to manipulate the installation restrictions of specific applications. Due to insufficient verification of data authenticity, these attackers may exploit the flaw to bypass intended security measures, leading to potential unauthorized app installations and altered app behaviors.

Affected Version(s)

Samsung Mobile Devices SMR Mar-2026 Release in Android 14, 15, 16

References

https://security.samsungmobile.com/securityUpdate.smsb?ye...

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 29, 2026
Vulnerability Reserved
Dec 11, 2025

CVE-2026-21023 Data

JSON