Race Condition in FabricKeymaster Trustlet Affects Samsung Devices
CVE-2026-21046

8.4HIGH

Key Information:

Vendor

Samsung

Vendor
CVE Published:
10 July 2026

What is CVE-2026-21046?

A race condition vulnerability exists in the FabricKeymaster trustlet prior to the SMR Jul-2026 Release 1, allowing local privileged attackers to exploit the timing discrepancy between the check for conditions and their subsequent use. This flaw enables the execution of arbitrary code on affected Samsung devices, posing a significant risk to device integrity and user data security.

Affected Version(s)

Samsung Mobile Devices SMR Jul-2026 Release in Android 14, 15, 16

References

CVSS V4

Score:
8.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.