Samsung

Products by Samsung Sorted by Most Security Vulnerabilities since 2018

Samsung Android: 351 vulnerabilities
Samsung Mobile Devices: 83 vulnerabilities
Samsung Notes: 61 vulnerabilities
Samsung Exynos: 56 vulnerabilities
Samsung Galaxy Store: 31 vulnerabilities
Samsung Internet: 26 vulnerabilities
Samsung Magicinfo 9 Server: 24 vulnerabilities
Samsung Account: 23 vulnerabilities
Samsung Smartthings: 19 vulnerabilities
Samsung Pass: 14 vulnerabilities
Samsung Blockchain Keystore: 12 vulnerabilities
Samsung Email: 12 vulnerabilities
Samsung Health: 11 vulnerabilities
Samsung Pass: 10 vulnerabilities
Samsung Email: 9 vulnerabilities
Samsung Members: 9 vulnerabilities
Samsung Cloud: 8 vulnerabilities
Samsung Gallery: 8 vulnerabilities
Samsung Rlottie: 7 vulnerabilities
Samsung Flow: 7 vulnerabilities
Samsung Blockchain Keystore: 7 vulnerabilities
Samsung Flow: 6 vulnerabilities
Samsung Wear Os: 6 vulnerabilities
Samsung Pay: 4 vulnerabilities
Samsung Magician: 4 vulnerabilities
Samsung Update: 3 vulnerabilities
Samsung Exynos 1380 Firmware: 3 vulnerabilities
Samsung Bixby: 2 vulnerabilities
Samsung Uphelper Library: 2 vulnerabilities
Samsung Easysetup: 2 vulnerabilities
Samsung Escargot: 2 vulnerabilities
Samsung Exynos 2200 Firmware: 2 vulnerabilities
Samsung Galaxy S24 Firmware: 2 vulnerabilities
Samsung Group Sharing: 2 vulnerabilities
Samsung Assistant: 1 vulnerability
Samsung Dex: 1 vulnerability
Samsung Galaxystore: 1 vulnerability

Recent Samsung Security Advisories

| Advisory | Title | Published |
|---|---|---|
| SMR-Jun-2026 | Samsung Mobile Security Maintenance Release SMR-Jun-2026 | June 2, 2026 |
| SMR-May-2026 | Samsung Mobile Security Maintenance Release SMR-May-2026 | May 6, 2026 |
| SMR-Apr-2026 | Samsung Mobile Security Maintenance Release SMR-Apr-2026 | April 7, 2026 |
| SMR-Mar-2026 | Samsung Mobile Security Maintenance Release SMR-Mar-2026 | March 3, 2026 |
| SMR-Feb-2026 | Samsung Mobile Security Maintenance Release SMR-Feb-2026 | February 3, 2026 |
| SMR-Jan-2026 | Samsung Mobile Security Maintenance Release SMR-Jan-2026 | January 6, 2026 |
| SMR-Dec-2025 | Samsung Mobile Security Maintenance Release SMR-Dec-2025 | December 2, 2025 |
| SMR-Nov-2025 | Samsung Mobile Security Maintenance Release SMR-Nov-2025 | November 11, 2025 |

Known Exploited Samsung Vulnerabilities

The following Samsung vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

| Title | Description | CVE | Exploit Probability | Added |
|---|---|---|---|---|
| Samsung MagicINFO 9 Server Path Traversal Vulnerability | Samsung MagicINFO 9 Server contains a path traversal vulnerability that could allow an attacker to write arbitrary files as system authority. | CVE-2024-7399 | 70.7% | April 24, 2026 |
| Samsung Mobile Devices Out-of-Bounds Write Vulnerability | Samsung mobile devices contain an out-of-bounds write vulnerability in libimagecodec.quram.so. This vulnerability could allow remote attackers to execute arbitrary code. | CVE-2025-21042 | 4.4% | November 10, 2025 |
| Samsung Mobile Devices Out-of-Bounds Write Vulnerability | Samsung mobile devices contain an out-of-bounds write vulnerability in libimagecodec.quram.so which allows remote attackers to execute arbitrary code. | CVE-2025-21043 | 4.9% | October 2, 2025 |
| Samsung MagicINFO 9 Server Path Traversal Vulnerability | Samsung MagicINFO 9 Server contains a path traversal vulnerability that allows an attacker to write arbitrary file as system authority. | CVE-2025-4632 | 42.6% | May 22, 2025 |
| Samsung Mobile Devices Use-After-Free Vulnerability | Samsung devices with selected Exynos chipsets contain a use-after-free vulnerability that allows malicious memory write and code execution. | CVE-2022-22265 | 0.2% | September 18, 2023 |
| Samsung Mobile Devices Out-of-Bounds Read Vulnerability | Samsung mobile devices contain an out-of-bounds read vulnerability within the modem interface driver due to a lack of boundary checking of a buffer in set_skb_priv(), leading to remote code execution by dereference of an invalid function pointer. | CVE-2021-25487 | 2.6% | June 29, 2023 |
| Samsung Mobile Devices Improper Input Validation Vulnerability | Samsung mobile devices contain an improper input validation vulnerability within the modem interface driver that results in a format string bug leading to kernel panic. | CVE-2021-25489 | 0.3% | June 29, 2023 |
| Samsung Mobile Devices Race Condition Vulnerability | Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads to a use-after-free allowing for a write given a radio privilege is compromised. | CVE-2021-25394 | 0.4% | June 29, 2023 |
| Samsung Mobile Devices Race Condition Vulnerability | Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads to a use-after-free allowing for a write given a radio privilege is compromised. | CVE-2021-25395 | 0.2% | June 29, 2023 |
| Samsung Mobile Devices Unspecified Vulnerability | Samsung mobile devices contain an unspecified vulnerability within DSP driver that allows attackers to load ELF libraries inside DSP. | CVE-2021-25371 | 1.6% | June 29, 2023 |
| Samsung Mobile Devices Improper Boundary Check Vulnerability | Samsung mobile devices contain an improper boundary check vulnerability within DSP driver that allows for out-of-bounds memory access. | CVE-2021-25372 | 1.8% | June 29, 2023 |
| Samsung Mobile Devices Insertion of Sensitive Information Into Log File Vulnerability | Samsung mobile devices running Android 11, 12, and 13 contain an insertion of sensitive information into log file vulnerability that allows a privileged, local attacker to conduct an address space layout randomization (ASLR) bypass. | CVE-2023-21492 | 0.4% | May 19, 2023 |
| Samsung Mobile Devices Improper Access Control Vulnerability | Samsung mobile devices contain an improper access control vulnerability in clipboard service which allows untrusted applications to read or write arbitrary files. This vulnerability was chained with CVE-2021-25369 and CVE-2021-25370. | CVE-2021-25337 | 0.8% | November 8, 2022 |
| Samsung Mobile Devices Improper Access Control Vulnerability | Samsung mobile devices using Mali GPU contains an improper access control vulnerability in sec_log file. Exploitation of the vulnerability exposes sensitive kernel information to the userspace. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25370. | CVE-2021-25369 | 0.2% | November 8, 2022 |
| Samsung Mobile Devices Memory Corruption Vulnerability | Samsung mobile devices using Mali GPU contain an incorrect implementation handling file descriptor in dpu driver. This incorrect implementation results in memory corruption, leading to kernel panic. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25369. | CVE-2021-25370 | 0.5% | November 8, 2022 |

2 known exploited Samsung vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.

By the Year

In 2026 there have been 83 vulnerabilities in Samsung with an average score of 7.3 out of ten. Last year, in 2025, Samsung had 191 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that the number of security vulnerabilities in Samsung in 2026 could surpass last year's number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.98.




| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 83 | 7.27 |
| 2025 | 191 | 6.29 |
| 2024 | 230 | 5.95 |
| 2023 | 236 | 6.33 |
| 2022 | 147 | 5.66 |
| 2021 | 73 | 5.73 |
| 2020 | 10 | 8.10 |
| 2019 | 7 | 7.00 |
| 2018 | 20 | 7.71 |

It may take a day or so for new Samsung vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Samsung Security Vulnerabilities

| CVE | Date | Title | Description | Products |
|---|---|---|---|---|
| CVE-2026-21038 | Jun 05, 2026 | Samsung Android USB Driver for Windows 1.9.5.0 Improper Validation OOB Memory | Improper input validation in Samsung Android USB Driver for Windows prior to version 1.9.5.0 allows local attacker to access out-of-bounds memory. | Android |
| CVE-2026-21037 | Jun 05, 2026 | Android: Samsung Members <5.8.01.5 IA Arbitrary Activity (CVE-2026-21037) | Improper input validation in Samsung Members prior to version 5.8.01.5 allows local attackers to access arbitrary URL and launch arbitrary activity with Samsung Members privilege. | Members |
| CVE-2026-21036 | Jun 05, 2026 | Improper Auth in Samsung Internet <30.0.0.39 Local Public Data Leak | Improper authorization in Samsung Internet prior to version 30.0.0.39 allows local attackers to access sensitive information. | Internet |
| CVE-2026-21035 | Jun 05, 2026 | Samsung Plus TV Improper Input Validation (before 1.0.28.6) | Improper input validation in Samsung Plus TV prior to version 1.0.28.6 allows remote attackers to access sensitive information. | |
| CVE-2026-21034 | Jun 05, 2026 | Samsung Auto - Improper Export of Android Components (v3.1.2.61, v3.2.0.38) | Improper export of android application components in Samsung Auto prior to version 3.1.2.61 in Android 15 and 3.2.0.38 in Android 16 allows local attacker to change audio configuration. | |
| CVE-2026-21033 | Jun 05, 2026 | Exposed ExpressHomeWidgetReceiver Enables Local Exec in Samsung Assistant <9.3.14 | Improper export of android application components in ExpressHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script. | |
| CVE-2026-21032 | Jun 05, 2026 | SHWR Android comp exp flaw Samsung Assistant <9.3.14 | Improper export of android application components in SmartHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script. | |
| CVE-2026-21031 | Jun 05, 2026 | AppBlock Improper Authorization for Local Arbitrary Activity | Improper authorization in AppBlock prior to SMR Jun-2026 Release 1 allows local attacker to launch arbitrary activity. User interaction is required for triggering this vulnerability. | Samsung Mobile Devices |
| CVE-2026-21030 | Jun 05, 2026 | MediaTek Audio HAL Access Control Bypass (CVE-2026-21030) | Improper access control in MediaTek Audio HAL prior to SMR Jun-2026 Release 1 allows local attackers to trigger privileged functions. | Samsung Mobile Devices |
| CVE-2026-21029 | Jun 05, 2026 | Android Galaxy Editing Service Misexport Enables Local Privilege Escalation | Improper export of android application components in Galaxy Editing Service prior to SMR Jun-2026 Release 1 allows local attacker to execute privileged operations. | Samsung Mobile Devices |
| CVE-2026-21028 | Jun 05, 2026 | Improper ACL in Samsung Android AuditLogService Allows Local Info Leak | Improper access control in AuditLogService prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information. | Samsung Mobile Devices |
| CVE-2026-21027 | Jun 05, 2026 | Android ImsSettings Improper Export Enables Local Logging Exploit | Improper export of android application components in ImsSettings prior to SMR Jun-2026 Release 1 allows local attackers to trigger logging function. | Samsung Mobile Devices |
| CVE-2026-21026 | Jun 05, 2026 | SpriteWallpaper Android App Improper Exposed Components Allow Local Info Access | Improper export of android application components in SpriteWallpaper prior to SMR Jun-2026 Release 1 allows local attackers to access to sensitive information. | Samsung Mobile Devices |
| CVE-2026-21025 | Jun 05, 2026 | Samsung Telephony PRIVILEGE Escalation via incorrect permission assignment | Incorrect privilege assignment in Telephony prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information. | Samsung Mobile Devices |
| CVE-2026-21017 | Jun 05, 2026 | Android: SecTelephonyProvider Privilege Escalation via Improper Access Controls | Improper handling of insufficient privileges in SecTelephonyProvider prior to SMR Jun-2026 Release 1 allows local attackers to access privileged files. | Samsung Mobile Devices |
| CVE-2026-8916 | Jun 04, 2026 | Out-of-bounds Write/OOB Buffer Overflow in Samsung rlottie (CVE-2026-8916) | Out-of-bounds write vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects rlottie: before dcfde72eae1b0464dc0dd760aec00ada6a148635. | Rlottie |
| CVE-2026-49510 | Jun 04, 2026 | Samsung rlottie Integer Overflow Vulnerability CVE-2026-49510 | Integer overflow or wraparound vulnerability in Samsung Open Source rlottie allows Integer Attacks. This issue affects rlottie: before 21292665023e5074b38254432716866d00f1985f. | Rlottie |
| CVE-2026-10305 | Jun 04, 2026 | OOB Read in Samsung rlottie (Open Source) | Out-of-bounds read vulnerability in Samsung Open Source rlottie allows Overread Buffers. This issue affects rlottie: before 223a2a41ba4f462e4abe767bebba49a366c9b9fd. | Rlottie |
| CVE-2026-21024 | May 13, 2026 | Samsung System Support Service <8.0.8.0 LPE via Improper Priv Mgt | Improper privilege management in Samsung System Support Service prior to version 8.0.8.0 allows local attackers to trigger privileged functions. | |
| CVE-2026-21022 | May 13, 2026 | Samsung Routines Improper Insufficient Permissions Local Info Disclosure | Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local attackers to access sensitive information. | Samsung Mobile Devices |
| CVE-2026-21021 | May 13, 2026 | Samsung Mobile Routines Improper Input Validation Enables Priv Escalation | Improper input validation in Routines prior to SMR May-2026 Release 1 allows physical attackers to launch privileged activity. | Samsung Mobile Devices |
| CVE-2026-21020 | May 13, 2026 | Android OmaCP Improper Export Enables Local Privilege Escalation | Improper export of android application components in OmaCP prior to SMR May-2026 Release 1 allows local attackers to trigger privileged functions. | Samsung Mobile Devices |
| CVE-2026-21019 | May 13, 2026 | Galaxy Watch: Input Validation Flaw in FacAtFunction Enables Arbitrary Code | Improper input validation in FacAtFunction in Galaxy Watch prior to SMR May-2026 Release 1 allows local attacker to execute arbitrary code with system privilege. | Samsung Mobile Devices |
| CVE-2026-21018 | May 13, 2026 | OOB write in SveService permits local privileged exec (Samsung) | Out-of-bounds write in SveService prior to SMR May-2026 Release 1 allows local privileged attackers to execute arbitrary code. | Samsung Mobile Devices |
| CVE-2026-21016 | May 13, 2026 | Android LocationManager Privilege Escalation via Incorrect Assignment | Incorrect privilege assignment in LocationManager prior to SMR May-2026 Release 1 allows local attackers to access sensitive information. | Samsung Mobile Devices |
| CVE-2026-21015 | May 13, 2026 | FactoryCamera default permission flaw exposes unique ID | Incorrect default permissions in FactoryCamera prior to SMR May-2026 Release 1 allows local attacker to access unique identifier. | Samsung Mobile Devices |
| CVE-2026-21023 | Apr 29, 2026 | Android PackageManagerService Data Auth Verification Flaw | Insufficient verification of data authenticity in PackageManagerService prior to SMR Mar-2026 Release 1 allows local attackers to modify the installation restriction of specific application. | Samsung Mobile Devices |
| CVE-2026-21010 | Apr 13, 2026 | Samsung Mobile Retail Mode Improper Input Validation for Privileged Escalation | Improper input validation in Retail Mode prior to SMR Apr-2026 Release 1 allows local attackers to trigger privileged functions. | Samsung Mobile Devices |
| CVE-2026-21008 | Apr 13, 2026 | Samsung S Share Sensitive Info Leak via Adjacent Attack | Exposure of sensitive information in S Share prior to SMR Apr-2026 Release 1 allows adjacent attacker to access sensitive information. | Samsung Mobile Devices |
| CVE-2026-21014 | Apr 13, 2026 | Samsung Camera <16.5.00.28 Improper Access Control Exposes Location Data | Improper access control in Samsung Camera prior to version 16.5.00.28 allows local attacker to access location data. User interaction is required for triggering this vulnerability. | |
| CVE-2026-21013 | Apr 13, 2026 | Galaxy Wearable <=2.2.68.26 Local Perm Leak via Default Perm (CVE202621013) | Incorrect default permission in Galaxy Wearable prior to version 2.2.68.26 allows local attackers to access sensitive information. | |
| CVE-2026-21012 | Apr 13, 2026 | Samsung AODManager LFI: Privileged Local File Creation | External control of file name in AODManager prior to SMR Apr-2026 Release 1 allows privileged local attacker to create file with system privilege. | Samsung Mobile Devices |
| CVE-2026-21011 | Apr 13, 2026 | Samsung Android Bluetooth Privilege Assignment Bypass in Maintenance Mode | Incorrect privilege assignment in Bluetooth in Maintenance mode prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Extend Unlock. | Samsung Mobile Devices |
| CVE-2026-21009 | Apr 13, 2026 | App Pinning Bypass via Recents Improper Exception Check - CVE-2026-21009 | Improper check for exceptional conditions in Recents prior to SMR Apr-2026 Release 1 allows physical attacker to bypass App Pinning. | Samsung Mobile Devices |
| CVE-2026-21007 | Apr 13, 2026 | Samsung Device Care excep. chk fail bypasses Knox Guard | Improper check for exceptional conditions in Device Care prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Knox Guard. | Samsung Mobile Devices |
| CVE-2026-21006 | Apr 13, 2026 | Samsung DeX Access Control Flaw: Physical Attacker Can Read Hidden Notifications | Improper access control in Samsung DeX prior to SMR Apr-2026 Release 1 allows physical attackers to access to hidden notification contents. | Samsung Mobile Devices |
| CVE-2026-21003 | Apr 13, 2026 | SMR Apr-2026 network restriction bypass via improper input validation | Improper input validation in data related to network restrictions prior to SMR Apr-2026 Release 1 allows physical attackers to bypass the restrictions. | Samsung Mobile Devices |
| CVE-2026-25203 | Apr 10, 2026 | MagicINFO 9 Server LPE via Incorrect Default Permissions (before 21.1091.1) | Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability This issue affects MagicINFO 9 Server: less than 21.1091.1. | Magicinfo 9 Server |
| CVE-2025-52908 | Apr 07, 2026 | Exynos WiFi Driver Buffer Overflow via NL80211 Cmd | An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000. Incorrect Handling of the NL80211 vendor command leads to a buffer overflow via a certain ioctl message, issue 1 of 2. | Exynos |
| CVE-2026-21005 | Mar 16, 2026 | Path traversal in Samsung Smart Switch <3.7.69.15 allows file overwrite | Path traversal in Smart Switch prior to version 3.7.69.15 allows adjacent attackers to overwrite arbitrary files with Smart Switch privilege. | |
| CVE-2026-21004 | Mar 16, 2026 | Improper authentication in Smart Switch <3.7.69.15 leads to DoS | Improper authentication in Smart Switch prior to version 3.7.69.15 allows adjacent attackers to trigger a denial of service. | |
| CVE-2026-21002 | Mar 16, 2026 | Galaxy Store Improper Signature Verification <4.6.03.8 | Improper verification of cryptographic signature in Galaxy Store prior to version 4.6.03.8 allows local attacker to install arbitrary application. | Galaxy Store |
| CVE-2026-21001 | Mar 16, 2026 | Path Traversal CVE-2026-21001 in Galaxy Store <4.6.03.8 | Path traversal in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privilege. | Galaxy Store |
| CVE-2026-21000 | Mar 16, 2026 | Improper AC in Galaxy Store <4.6.03.8 allows local file creation | Improper access control in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privilege. | Galaxy Store |
| CVE-2026-20999 | Mar 16, 2026 | Authentication bypass in Samsung Smart Switch < 3.7.69.15 (Replay Attack) | Authentication bypass by replay in Smart Switch prior to version 3.7.69.15 allows remote attackers to trigger privileged functions. | |
| CVE-2026-20998 | Mar 16, 2026 | Samsung Smart Switch Remote Auth Bypass pre-3.7.69.15 | Improper authentication in Smart Switch prior to version 3.7.69.15 allows remote attackers to bypass authentication. | |
| CVE-2026-20997 | Mar 16, 2026 | Samsung Smart Switch <=3.7.69.15 Improper Signature Verification Allows Auth Bypass | Improper verification of cryptographic signature in Smart Switch prior to version 3.7.69.15 allows remote attackers to potentially bypass authentication. | |
| CVE-2026-20996 | Mar 16, 2026 | Smart Switch <3.7.69.15 Remote Crypto Downgrade Auth | Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.69.15 allows remote attackers to configure a downgraded scheme for authentication. | |
| CVE-2026-20995 | Mar 16, 2026 | Smart Switch <3.7.69.15: Unauth Remote Config Change | Exposure of sensitive functionality to an unauthorized actor in Smart Switch prior to version 3.7.69.15 allows remote attackers to set a specific configuration. | |
| CVE-2026-20994 | Mar 16, 2026 | Samsung Account URL Redirection (pre-15.5.01.1) Access Token Exposure | URL redirection in Samsung Account prior to version 15.5.01.1 allows local attackers to potentially get access token. | Account |

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).