CVE-2026-20988

Severity: MEDIUM | CVSS 4.0: 6.8 | EPSS: 0.01%
Updated Mar 20, 2026
CVSS: 6.8 (MEDIUM)
Vendor: Samsung
Public PoC: No

Improper verification of intent by a broadcast receiver in Settings prior to SMR Mar-2026 Release 1 allows a local attacker to launch an arbitrary activity with Settings privilege. User interaction is required to trigger this vulnerability.

Attack Parameters

Attack Vector: Local (Requires local access)
Attack Complexity: Low (Easy to exploit)
Attack Requirements: None (No additional conditions)
Privileges Required: Low (Basic privileges needed)
User Interaction: Passive (Minimal interaction)

Impact Assessment

Confidentiality: High (Complete data leak)
Integrity: High (Complete data modification)
Availability: None (No disruption)

CVSS Vector v4.0

Vulnerable Products 8

Configuration From (including) Up to (excluding)
Samsung Android: cpe:2.3:o:samsung:android:16.0:-:*:*:*:*:*:*
Samsung Android: cpe:2.3:o:samsung:android:16.0:smr-aug-2025-r1:*:*:*:*:*:*
Samsung Android: cpe:2.3:o:samsung:android:16.0:smr-dec-2025-r1:*:*:*:*:*:*
Samsung Android: cpe:2.3:o:samsung:android:16.0:smr-feb-2026-r1:*:*:*:*:*:*
Samsung Android: cpe:2.3:o:samsung:android:16.0:smr-jan-2026-r1:*:*:*:*:*:*
Samsung Android: cpe:2.3:o:samsung:android:16.0:smr-nov-2025-r1:*:*:*:*:*:*
Samsung Android: cpe:2.3:o:samsung:android:16.0:smr-oct-2025-r1:*:*:*:*:*:*
Samsung Android: cpe:2.3:o:samsung:android:16.0:smr-sep-2025-r1:*:*:*:*:*:*