Samsung Samsung

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Samsung product.

RSS Feeds for Samsung security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Samsung products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Samsung Sorted by Most Security Vulnerabilities since 2018

Samsung Android351 vulnerabilities

Samsung Mobile Devices96 vulnerabilities

Samsung Notes61 vulnerabilities

Samsung Exynos56 vulnerabilities

Samsung Galaxy Store31 vulnerabilities

Samsung Internet26 vulnerabilities

Samsung Magicinfo 9 Server24 vulnerabilities

Samsung Account23 vulnerabilities

Samsung Smartthings19 vulnerabilities

Samsung Pass15 vulnerabilities

Samsung Email13 vulnerabilities

Samsung Blockchain Keystore12 vulnerabilities

Samsung Health12 vulnerabilities

Samsung Pass10 vulnerabilities

Samsung Email9 vulnerabilities

Samsung Members9 vulnerabilities

Samsung Cloud8 vulnerabilities

Samsung Gallery8 vulnerabilities

Samsung Rlottie7 vulnerabilities

Samsung Flow7 vulnerabilities

Samsung Blockchain Keystore7 vulnerabilities

Samsung Flow6 vulnerabilities

Samsung Wear Os6 vulnerabilities

Samsung Pay4 vulnerabilities

Samsung Magician4 vulnerabilities

Samsung Bixby3 vulnerabilities

Samsung Update3 vulnerabilities

Samsung Exynos 1380 Firmware3 vulnerabilities

Samsung Uphelper Library2 vulnerabilities

Samsung Easysetup2 vulnerabilities

Samsung Escargot2 vulnerabilities

Samsung Exynos 2200 Firmware2 vulnerabilities

Samsung Galaxy S24 Firmware2 vulnerabilities

Samsung Group Sharing2 vulnerabilities

Samsung Assistant1 vulnerability

Samsung Dex1 vulnerability

Samsung Galaxystore1 vulnerability

Recent Samsung Security Advisories

Advisory Title Published
SMR-Jul-2026 Samsung Mobile Security Maintenance Release SMR-Jul-2026 July 7, 2026
SMR-Jun-2026 Samsung Mobile Security Maintenance Release SMR-Jun-2026 June 2, 2026
SMR-May-2026 Samsung Mobile Security Maintenance Release SMR-May-2026 May 6, 2026
SMR-Apr-2026 Samsung Mobile Security Maintenance Release SMR-Apr-2026 April 7, 2026
SMR-Mar-2026 Samsung Mobile Security Maintenance Release SMR-Mar-2026 March 3, 2026
SMR-Feb-2026 Samsung Mobile Security Maintenance Release SMR-Feb-2026 February 3, 2026
SMR-Jan-2026 Samsung Mobile Security Maintenance Release SMR-Jan-2026 January 6, 2026
SMR-Dec-2025 Samsung Mobile Security Maintenance Release SMR-Dec-2025 December 2, 2025
SMR-Nov-2025 Samsung Mobile Security Maintenance Release SMR-Nov-2025 November 11, 2025

Known Exploited Samsung Vulnerabilities

The following Samsung vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Samsung MagicINFO 9 Server Path Traversal Vulnerability Samsung MagicINFO 9 Server contains a path traversal vulnerability that could allow an attacker to write arbitrary files as system authority.
CVE-2024-7399 Exploit Probability: 91.9%
April 24, 2026
Samsung Mobile Devices Out-of-Bounds Write Vulnerability Samsung mobile devices contain an out-of-bounds write vulnerability in libimagecodec.quram.so. This vulnerability could allow remote attackers to execute arbitrary code.
CVE-2025-21042 Exploit Probability: 11.6%
November 10, 2025
Samsung Mobile Devices Out-of-Bounds Write Vulnerability Samsung mobile devices contain an out-of-bounds write vulnerability in libimagecodec.quram.so which allows remote attackers to execute arbitrary code.
CVE-2025-21043 Exploit Probability: 1.4%
October 2, 2025
Samsung MagicINFO 9 Server Path Traversal Vulnerability Samsung MagicINFO 9 Server contains a path traversal vulnerability that allows an attacker to write arbitrary file as system authority.
CVE-2025-4632 Exploit Probability: 24.0%
May 22, 2025
Samsung Mobile Devices Use-After-Free Vulnerability Samsung devices with selected Exynos chipsets contain a use-after-free vulnerability that allows malicious memory write and code execution.
CVE-2022-22265 Exploit Probability: 0.4%
September 18, 2023
Samsung Mobile Devices Out-of-Bounds Read Vulnerability Samsung mobile devices contain an out-of-bounds read vulnerability within the modem interface driver due to a lack of boundary checking of a buffer in set_skb_priv(), leading to remote code execution by dereference of an invalid function pointer.
CVE-2021-25487 Exploit Probability: 0.6%
June 29, 2023
Samsung Mobile Devices Improper Input Validation Vulnerability Samsung mobile devices contain an improper input validation vulnerability within the modem interface driver that results in a format string bug leading to kernel panic.
CVE-2021-25489 Exploit Probability: 0.5%
June 29, 2023
Samsung Mobile Devices Race Condition Vulnerability Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads to a use-after-free allowing for a write given a radio privilege is compromised.
CVE-2021-25394 Exploit Probability: 0.4%
June 29, 2023
Samsung Mobile Devices Race Condition Vulnerability Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads to a use-after-free allowing for a write given a radio privilege is compromised.
CVE-2021-25395 Exploit Probability: 0.4%
June 29, 2023
Samsung Mobile Devices Unspecified Vulnerability Samsung mobile devices contain an unspecified vulnerability within DSP driver that allows attackers to load ELF libraries inside DSP.
CVE-2021-25371 Exploit Probability: 0.8%
June 29, 2023
Samsung Mobile Devices Improper Boundary Check Vulnerability Samsung mobile devices contain an improper boundary check vulnerability within DSP driver that allows for out-of-bounds memory access.
CVE-2021-25372 Exploit Probability: 0.8%
June 29, 2023
Samsung Mobile Devices Insertion of Sensitive Information Into Log File Vulnerability Samsung mobile devices running Android 11, 12, and 13 contain an insertion of sensitive information into log file vulnerability that allows a privileged, local attacker to conduct an address space layout randomization (ASLR) bypass.
CVE-2023-21492 Exploit Probability: 2.6%
May 19, 2023
Samsung Mobile Devices Improper Access Control Vulnerability Samsung mobile devices contain an improper access control vulnerability in clipboard service which allows untrusted applications to read or write arbitrary files. This vulnerability was chained with CVE-2021-25369 and CVE-2021-25370.
CVE-2021-25337 Exploit Probability: 2.8%
November 8, 2022
Samsung Mobile Devices Improper Access Control Vulnerability Samsung mobile devices using Mali GPU contains an improper access control vulnerability in sec_log file. Exploitation of the vulnerability exposes sensitive kernel information to the userspace. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25370.
CVE-2021-25369 Exploit Probability: 1.1%
November 8, 2022
Samsung Mobile Devices Memory Corruption Vulnerability Samsung mobile devices using Mali GPU contain an incorrect implementation handling file descriptor in dpu driver. This incorrect implementation results in memory corruption, leading to kernel panic. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25369.
CVE-2021-25370 Exploit Probability: 0.9%
November 8, 2022

The vulnerability CVE-2024-7399: Samsung MagicINFO 9 Server Path Traversal Vulnerability is in the top 1% of the currently known exploitable vulnerabilities. 2 known exploited Samsung vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.

By the Year

In 2026 there have been 101 vulnerabilities in Samsung with an average score of 7.3 out of ten. Last year, in 2025 Samsung had 191 security vulnerabilities published. Right now, Samsung is on track to have less security vulnerabilities in 2026 than it did last year. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.98.




Year Vulnerabilities Average Score
2026 101 7.27
2025 191 6.29
2024 230 5.95
2023 236 6.33
2022 147 5.66
2021 73 5.73
2020 10 8.10
2019 7 7.00
2018 20 7.71

It may take a day or so for new Samsung vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Samsung Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-21057 Jul 10, 2026
Samsung Pass <5.2.10.3 Improper Input Validation Enables Local OOB Write Improper input validation in Samsung Pass prior to version 5.2.10.3 allows local privileged attackers to write out-of-bounds memory.
Samsung Pass
CVE-2026-21056 Jul 10, 2026
Samsung Health 7.00.0.106 Improper Auth: Local Access to Connected Device Info Improper authorization in Samsung Health prior to version 7.00.0.107 allows local attackers to access connected device information.
Health
CVE-2026-21055 Jul 10, 2026
Samsung Bixby <4.0.70.8 Improper exported component leads to local command exec Improper export of android application components in Bixby prior to version 4.0.70.8 allows local attackers to execute arbitrary commands with Bixby privilege.
Bixby
CVE-2026-21054 Jul 10, 2026
InputSharing Improper Component Export (Android) <2.7.01.4 Local Exploit Improper export of android application components in InputSharing prior to version 2.7.01.4 allows local attackers to access sharing data.
CVE-2026-21053 Jul 10, 2026
Samsung Email <6.2.13.1 Improper Input Validation Allows Local File Creation Improper input validation in Samsung Email prior to version 6.2.13.1 allows local attackers to create arbitrary files within the application sandbox.
Email
CVE-2026-21052 Jul 10, 2026
CVE-2026-21052: Path Traversal in SemClipboardService (Samsung Mobile) Path traversal in SemClipboardService prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system privilege.
Samsung Mobile Devices
CVE-2026-21051 Jul 10, 2026
Samsung Mobile WLAN Local Priv Escalation via TencentWifiSecurity Misconfig Incorrect default permissions in WLAN security prior to SMR Jul-2026 Release 1 allows local attackers to configure TencentWifiSecurity settings.
Samsung Mobile Devices
CVE-2026-21050 Jul 10, 2026
Improper Access Control in SmartThingsKit - Local Attacker Access Improper access control in SmartThingsKit prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information.
Samsung Mobile Devices
CVE-2026-21049 Jul 10, 2026
Samsung Mobile libpadm.so OOB Write Enables Local Code Exec Out-of-bounds write in libpadm.so library prior to SMR Jul-2026 Release 1 allows local attackers to execute arbitrary code.
Samsung Mobile Devices
CVE-2026-21048 Jul 10, 2026
Samsung Android DNG OOB Write in libimagecodec.media.quram.so Out-of-bounds write in parsing DNG format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory.
Samsung Mobile Devices
CVE-2026-21046 Jul 10, 2026
TOCTOU Race in Samsung FabricKeymaster Trustlet Enables Local Privileged Code Exec Time-of-check time-of-use race condition in fabricKeymaster trustlet prior to SMR Jul-2026 Release 1 allows local privileged attackers to execute arbitrary code.
Samsung Mobile Devices
CVE-2026-21045 Jul 10, 2026
Samsung libimagecodec.media.quram OOB write in TIFF parser Out-of-bounds write in parsing TIFF format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory.
Samsung Mobile Devices
CVE-2026-21044 Jul 10, 2026
Local Persistence Bypass via Improper Auth in KnoxGuardManager Improper authorization in KnoxGuardManager prior to SMR Jul-2026 Release 1 allows local attackers to bypass the persistence configuration of the application.
Samsung Mobile Devices
CVE-2026-21043 Jul 10, 2026
Path Traversal in Samsung Android Wallpaper Service Exposes System Files Path traversal in Wallpaper service prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system server privilege.
Samsung Mobile Devices
CVE-2026-21042 Jul 10, 2026
Samsung Android libsavsac.so OOB Write RCE Vulnerability Out-of-bounds write in libsavsac.so prior to SMR Jul-2026 Release 1 allows local attackers to execute arbitrary code.
Samsung Mobile Devices
CVE-2026-21041 Jul 10, 2026
Improper Access Control in Samsung SE Agent Service Improper access control in SamsungSEAgentService prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information.
Samsung Mobile Devices
CVE-2026-21040 Jul 10, 2026
Improper Access Control in IAFDService Allows Local Privileged Use Improper access control in IAFDService prior to SMR Jul-2026 Release 1 allows local privileged attackers to use the privileged APIs.
Samsung Mobile Devices
CVE-2026-21039 Jul 10, 2026
Samsung Mobile Settings Improper ACL in Theft-Protection Config Improper access control in Settings prior to SMR Jul-2026 Release 1 allows local attackers to configure Theft protection settings.
Samsung Mobile Devices
CVE-2026-21038 Jun 05, 2026
Samsung Android USB Driver for Windows 1.9.5.0 Improper Validation OOB Memory Improper input validation in Samsung Android USB Driver for Windows prior to version 1.9.5.0 allows local attacker to access out-of-bounds memory.
Android
CVE-2026-21037 Jun 05, 2026
Android: Samsung Members <5.8.01.5 IA Arbitrary Activity (CVE-2026-21037) Improper input validation in Samsung Members prior to version 5.8.01.5 allows local attackers to access arbitrary URL and launch arbitrary activity with Samsung Members privilege.
Members
CVE-2026-21036 Jun 05, 2026
Improper Auth in Samsung Internet <30.0.0.39 Local Public Data Leak Improper authorization in Samsung Internet prior to version 30.0.0.39 allows local attackers to access sensitive information.
Internet
CVE-2026-21035 Jun 05, 2026
Samsung Plus TV Improper Input Validation (before 1.0.28.6) Improper input validation in Samsung Plus TV prior to version 1.0.28.6 allows remote attackers to access sensitive information.
CVE-2026-21034 Jun 05, 2026
Samsung Auto - Improper Export of Android Components (v3.1.2.61, v3.2.0.38) Improper export of android application components in Samsung Auto prior to version 3.1.2.61 in Android 15 and 3.2.0.38 in Android 16 allows local attacker to change audio configuration.
CVE-2026-21033 Jun 05, 2026
Exposed ExpressHomeWidgetReceiver Enables Local Exec in Samsung Assistant <9.3.14 Improper export of android application components in ExpressHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script.
CVE-2026-21032 Jun 05, 2026
SHWR Android comp exp flaw Samsung Assistant <9.3.14 Improper export of android application components in SmartHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script.
CVE-2026-21031 Jun 05, 2026
AppBlock Improper Authorization for Local Arbitrary Activity Improper authorization in AppBlock prior to SMR Jun-2026 Release 1 allows local attacker to launch arbitrary activity. User interaction is required for triggering this vulnerability.
Samsung Mobile Devices
CVE-2026-21030 Jun 05, 2026
MediaTek Audio HAL Access Control Bypass (CVE-2026-21030) Improper access control in MediaTek Audio HAL prior to SMR Jun-2026 Release 1 allows local attackers to trigger privileged functions.
Samsung Mobile Devices
CVE-2026-21029 Jun 05, 2026
Android Galaxy Editing Service Misexport Enables Local Privilege Escalation Improper export of android application components in Galaxy Editing Service prior to SMR Jun-2026 Release 1 allows local attacker to execute privileged operations.
Samsung Mobile Devices
CVE-2026-21028 Jun 05, 2026
Improper ACL in Samsung Android AuditLogService Allows Local Info Leak Improper access control in AuditLogService prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information.
Samsung Mobile Devices
CVE-2026-21027 Jun 05, 2026
Android ImsSettings Improper Export Enables Local Logging Exploit Improper export of android application components in ImsSettings prior to SMR Jun-2026 Release 1 allows local attackers to trigger logging function.
Samsung Mobile Devices
CVE-2026-21026 Jun 05, 2026
SpriteWallpaper Android App Improper Exposed Components Allow Local Info Access Improper export of android application components in SpriteWallpaper prior to SMR Jun-2026 Release 1 allows local attackers to access to sensitive information.
Samsung Mobile Devices
CVE-2026-21025 Jun 05, 2026
Samsung Telephony PRIVILEGE Escalation via incorrect permission assignment Incorrect privilege assignment in Telephony prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information.
Samsung Mobile Devices
CVE-2026-21017 Jun 05, 2026
Android: SecTelephonyProvider Privilege Escalation via Improper Access Controls Improper handling of insufficient privileges in SecTelephonyProvider prior to SMR Jun-2026 Release 1 allows local attackers to access privileged files.
Samsung Mobile Devices
CVE-2026-8916 Jun 04, 2026
Out-of-bounds Write/OOB Buffer Overflow in Samsung rlottie (CVE-2026-8916) Out-of-bounds write vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects rlottie: before dcfde72eae1b0464dc0dd760aec00ada6a148635.
Rlottie
CVE-2026-49510 Jun 04, 2026
Samsung rlottie Integer Overflow Vulnerability CVE-2026-49510 Integer overflow or wraparound vulnerability in Samsung Open Source rlottie allows Integer Attacks. This issue affects rlottie: before 21292665023e5074b38254432716866d00f1985f.
Rlottie
CVE-2026-10305 Jun 04, 2026
OOB Read in Samsung rlottie (Open Source) Out-of-bounds read vulnerability in Samsung Open Source rlottie allows Overread Buffers. This issue affects rlottie: before 223a2a41ba4f462e4abe767bebba49a366c9b9fd.
Rlottie
CVE-2026-21024 May 13, 2026
Samsung System Support Service <8.0.8.0 LPE via Improper Priv Mgt Improper privilege management in Samsung System Support Service prior to version 8.0.8.0 allows local attackers to trigger privileged functions.
CVE-2026-21022 May 13, 2026
Samsung Routines Improper Insufficient Permissions Local Info Disclosure Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local attackers to access sensitive information.
Samsung Mobile Devices
CVE-2026-21021 May 13, 2026
Samsung Mobile Routines Improper Input Validation Enables Priv Escalation Improper input validation in Routines prior to SMR May-2026 Release 1 allows physical attackers to launch privileged activity.
Samsung Mobile Devices
CVE-2026-21020 May 13, 2026
Android OmaCP Improper Export Enables Local Privilege Escalation Improper export of android application components in OmaCP prior to SMR May-2026 Release 1 allows local attackers to trigger privileged functions.
Samsung Mobile Devices
CVE-2026-21019 May 13, 2026
Galaxy Watch: Input Validation Flaw in FacAtFunction Enables Arbitrary Code Improper input validation in FacAtFunction in Galaxy Watch prior to SMR May-2026 Release 1 allows local attacker to execute arbitrary code with system privilege.
Samsung Mobile Devices
CVE-2026-21018 May 13, 2026
OOB write in SveService permits local privileged exec (Samsung) Out-of-bounds write in SveService prior to SMR May-2026 Release 1 allows local privileged attackers to execute arbitrary code.
Samsung Mobile Devices
CVE-2026-21016 May 13, 2026
Android LocationManager Privilege Escalation via Incorrect Assignment Incorrect privilege assignment in LocationManager prior to SMR May-2026 Release 1 allows local attackers to access sensitive information.
Samsung Mobile Devices
CVE-2026-21015 May 13, 2026
FactoryCamera default permission flaw exposes unique ID Incorrect default permissions in FactoryCamera prior to SMR May-2026 Release 1 allows local attacker to access unique identifier.
Samsung Mobile Devices
CVE-2026-21023 Apr 29, 2026
Android PackageManagerService Data Auth Verification Flaw Insufficient verification of data authenticity in PackageManagerService prior to SMR Mar-2026 Release 1 allows local attackers to modify the installation restriction of specific application.
Samsung Mobile Devices
CVE-2026-21010 Apr 13, 2026
Samsung Mobile Retail Mode Improper Input Validation for Privileged Escalation Improper input validation in Retail Mode prior to SMR Apr-2026 Release 1 allows local attackers to trigger privileged functions.
Samsung Mobile Devices
CVE-2026-21008 Apr 13, 2026
Samsung S Share Sensitive Info Leak via Adjacent Attack Exposure of sensitive information in S Share prior to SMR Apr-2026 Release 1 allows adjacent attacker to access sensitive information.
Samsung Mobile Devices
CVE-2026-21014 Apr 13, 2026
Samsung Camera <16.5.00.28 Improper Access Control Exposes Location Data Improper access control in Samsung Camera prior to version 16.5.00.28 allows local attacker to access location data. User interaction is required for triggering this vulnerability.
CVE-2026-21013 Apr 13, 2026
Galaxy Wearable <=2.2.68.26 Local Perm Leak via Default Perm (CVE202621013) Incorrect default permission in Galaxy Wearable prior to version 2.2.68.26 allows local attackers to access sensitive information.
CVE-2026-21012 Apr 13, 2026
Samsung AODManager LFI: Privileged Local File Creation External control of file name in AODManager prior to SMR Apr-2026 Release 1 allows privileged local attacker to create file with system privilege.
Samsung Mobile Devices
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.