Improper Access Control Vulnerability in Samsung Mobile AuditLogService
CVE-2026-21028

5.1MEDIUM

Key Information:

Vendor: Samsung
Status: Samsung Devices
Vendor: CVE Published:; 5 June 2026

What is CVE-2026-21028?

An improper access control vulnerability exists in the AuditLogService of Samsung Mobile, which could allow local attackers to gain unauthorized access to sensitive information. This flaw was identified prior to the June 2026 SMR Release 1, potentially exposing critical data to those with local access. It is essential for users to apply necessary patches and updates to mitigate the risk associated with this vulnerability.

Affected Version(s)

Samsung Mobile Devices SMR Jun-2026 Release in Android 16

References

https://security.samsungmobile.com/securityUpdate.smsb?ye...

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 5, 2026
Vulnerability Reserved
Dec 11, 2025

CVE-2026-21028 Data

JSON