Samsung Galaxy Store

By the Year

In 2026 there has been 1 vulnerability in Samsung Galaxy Store. Last year, in 2025, Galaxy Store had 3 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Galaxy Store in 2026 could surpass last year's number.




| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2026 | 1 | 0.00 |
| 2025 | 3 | 5.33 |
| 2024 | 6 | 5.47 |
| 2023 | 8 | 7.99 |
| 2022 | 9 | 6.86 |
| 2021 | 1 | 5.50 |

It may take a day or so for new Galaxy Store vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Samsung Galaxy Store Security Vulnerabilities

Galaxy Store <4.6.02: Improper Input Validation Allows Local Script Execution
CVE-2026-20976 - January 09, 2026

Improper input validation in Galaxy Store prior to version 4.6.02 allows local attacker to execute arbitrary script.

Galaxy Store: Improper export of Android application components allows local installs (1.0.06.28)
CVE-2025-58483 5.9 - Medium - December 02, 2025

Improper export of android application components in Galaxy Store for Galaxy Watch prior to version 1.0.06.29 allows local attacker to install arbitrary application on Galaxy Store.

Galaxy Store <4.5.90.7: Intent Verification Flaw Allows Local File Write
CVE-2025-20951 5.5 - Medium - April 08, 2025

Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.90.7 allows local attackers to write arbitrary files with the privilege of Galaxy Store.

Galaxy Store <4.5.87.6: Auth Bypass via Alt Path (Physical Attack)
CVE-2025-20895 4.6 - Medium - February 04, 2025

Authentication Bypass Using an Alternate Path in Galaxy Store prior to version 4.5.87.6 allows physical attackers to install arbitrary applications to bypass restrictions of Setupwizard.

GalaxyStore <4.5.81 Improper Intent Verification Launches Unexported Activities
CVE-2024-34601 5.3 - Medium - July 02, 2024

Improper verification of intent by broadcast receiver vulnerability in GalaxyStore prior to version 4.5.81.0 allows local attackers to launch unexported activities of GalaxyStore.

Galaxy Store <4.5.71.8: Improper Intent Verification Enables Local File Write
CVE-2024-20870 5.5 - Medium - May 07, 2024

Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.71.8 allows local attackers to write arbitrary files with the privilege of Galaxy Store.

Galaxy Store <=4.5.63.6 Implicit Intent Hijack in AccountActivity
CVE-2024-20822 5.5 - Medium - February 06, 2024

Implicit intent hijacking vulnerability in AccountActivity of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.

Galaxy Store <4.5.63.6 SamsungAccount Intent Hijack
CVE-2024-20823 5.5 - Medium - February 06, 2024

Implicit intent hijacking vulnerability in SamsungAccount of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.

Galaxy Store <4.5.63.6: VoiceSearch Implicit Intent Hijacking
CVE-2024-20824 5.5 - Medium - February 06, 2024

Implicit intent hijacking vulnerability in VoiceSearch of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.

Galaxy Store <4.5.63.6: IAP Implicit Intent Hijack Vulnerability
CVE-2024-20825 5.5 - Medium - February 06, 2024

Implicit intent hijacking vulnerability in IAP of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.

Galaxy Store <4.5.64.4 URL Validation Flaw in MCSLaunch: Executes JS API
CVE-2023-42580 9.8 - Critical - December 05, 2023

Improper URL validation from MCSLaunch deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to install APK from Galaxy Store.

CVE-2023-42581 URL Validation Flaw in GalaxyStore <4.5.64.4
CVE-2023-42581 7.5 - High - December 05, 2023

Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data.

Galaxy Store Intent Sanitization Flaw Enables Local Privilege Gain <4.5.56.6
CVE-2023-30705 5.5 - Medium - August 10, 2023

Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.56.6 allows local attackers to access privileged content providers as Galaxy Store permission.

AuthZ

Galaxy Store <4.5.49.8: Improper Scheme Validation Enables JS-API APK Install
CVE-2023-21514 8.8 - High - May 26, 2023

Improper scheme validation from InstantPlay Deeplink in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.

Improper Input Validation

Samsung Galaxy Store <4.5.49.8: Remote JS Execution via InstantPlay Script
CVE-2023-21515 8.8 - High - May 26, 2023

InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.

GALAXY STORE XSS via InstantPlay < v4.5.49.8
CVE-2023-21516 9.6 - Critical - May 26, 2023

XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.

XSS

Galaxy Store <=4.5.49.8 Improper Access Control Local Exploit
CVE-2023-21433 7.8 - High - February 09, 2023

Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to install applications from Galaxy Store.

Incorrect Default Permissions

Galaxy Store <4.5.49.8 Improper Input Validation Allows Local JS Execution
CVE-2023-21434 6.1 - Medium - February 09, 2023

Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to execute JavaScript by launching a web page.

XSS

Samsung Galaxy Store 2.2.11 Intent Leak MAC
CVE-2022-36873 6.5 - Medium - September 09, 2022

Improper restriction of broadcasting Intent in GalaxyStoreBridgePageLinker of Waterplugin prior to version 2.2.11.22081151 leaks MAC address of the connected Bluetooth device.

Improper input validation vulnerability in AppsPackageInstaller in Galaxy Store prior to version 4.5.41.8
CVE-2022-33708 7.8 - High - July 12, 2022

Improper input validation vulnerability in AppsPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege.

Improper Privilege Management

Improper input validation vulnerability in ApexPackageInstaller in Galaxy Store prior to version 4.5.41.8
CVE-2022-33709 7.8 - High - July 12, 2022

Improper input validation vulnerability in ApexPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege.

Improper Privilege Management

Improper input validation vulnerability in BillingPackageInsraller in Galaxy Store prior to version 4.5.41.8
CVE-2022-33710 7.8 - High - July 12, 2022

Improper input validation vulnerability in BillingPackageInsraller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege.

Improper Privilege Management

Improper input validation vulnerability in InstallAgent in Galaxy Store prior to version 4.5.41.8
CVE-2022-28791 5.5 - Medium - May 03, 2022

Improper input validation vulnerability in InstallAgent in Galaxy Store prior to version 4.5.41.8 allows attacker to overwrite files stored in a specific path. The patch adds proper protection to prevent overwrite to existing files.

Improper Input Validation

Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.40.5
CVE-2022-28542 5.5 - Medium - April 11, 2022

Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.40.5 allows local attackers to access privileged content providers as Galaxy Store permission.

AuthZ

Path traversal vulnerability in unzip method of InstallAgentCommonHelper in Galaxy store prior to version 4.5.40.5
CVE-2022-28544 5.5 - Medium - April 11, 2022

Path traversal vulnerability in unzip method of InstallAgentCommonHelper in Galaxy store prior to version 4.5.40.5 allows attacker to access the file of Galaxy store.

Directory traversal

Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4
CVE-2022-28776 7.8 - High - April 11, 2022

Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4 allows attacker to install applications from Galaxy Store without user interactions.

Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5
CVE-2022-22288 7.5 - High - January 10, 2022

Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app installation of the allowlist.

Intent redirection vulnerability in SamsungAccountSDKSigninActivity of Galaxy Store prior to version 4.5.32.4
CVE-2021-25499 5.5 - Medium - October 06, 2021

Intent redirection vulnerability in SamsungAccountSDKSigninActivity of Galaxy Store prior to version 4.5.32.4 allows attacker to access content provider of Galaxy Store.
