Improper Access Control in IAFDService Affects Samsung Products
CVE-2026-21040
6.9MEDIUM
What is CVE-2026-21040?
A vulnerability in IAFDService allows local privileged attackers to exploit misguided access control mechanisms, granting them unauthorized access to sensitive privileged APIs. This issue impacts all versions of IAFDService preceding the SMR July 2026 Release 1, potentially compromising device security and functionality.
Affected Version(s)
Samsung Mobile Devices SMR Jul-2026 Release in Android 14, 15, 16