Improper Export of Android Application Components in Samsung Assistant
CVE-2026-21032

6.9MEDIUM

Key Information:

Vendor

Samsung

Vendor
CVE Published:
5 June 2026

What is CVE-2026-21032?

The vulnerability in Samsung Assistant, specifically in the SmartHomeWidgetReceiver, allows local attackers to execute arbitrary scripts due to the improper handling of exported Android application components. This oversight could lead to unauthorized access and manipulation of the application environment, posing a significant security risk for users. It is essential for users to update their Samsung Assistant to version 9.3.14 or later to mitigate this vulnerability.

Affected Version(s)

Samsung Assistant 9.3.14

References

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.