Improper Access Control in IAFDService Affects Samsung Products
CVE-2026-21040

6.9MEDIUM

Key Information:

Vendor

Samsung

Vendor
CVE Published:
10 July 2026

What is CVE-2026-21040?

A vulnerability in IAFDService allows local privileged attackers to exploit misguided access control mechanisms, granting them unauthorized access to sensitive privileged APIs. This issue impacts all versions of IAFDService preceding the SMR July 2026 Release 1, potentially compromising device security and functionality.

Affected Version(s)

Samsung Mobile Devices SMR Jul-2026 Release in Android 14, 15, 16

References

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.