OOB write in SveService permits local privileged exec (Samsung)
CVE-2026-21018 Published on May 13, 2026
Out-of-bounds write in SveService prior to SMR May-2026 Release 1 allows local privileged attackers to execute arbitrary code.
Products Associated with CVE-2026-21018
Want to know whenever a new CVE is published for Samsung Mobile Devices? stack.watch will email you.
Affected Versions
Samsung Mobile Devices:- Version SMR May-2026 Release in Android 14, 15, 16 and below * is unaffected.
Exploit Probability
EPSS
0.01%
Percentile
3.28%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.