anonhaven
Ad

CVE-2026-20989

MEDIUM CVSS 4.0: 5.1 EPSS 0.01%
Updated Mar 20, 2026
Samsung
Parameter Value
CVSS 5.1 (MEDIUM)
Type CWE-347 (Improper Verification of Cryptographic Signature)
Vendor Samsung
Public PoC No

Improper verification of cryptographic signature in Font Settings prior to SMR Mar-2026 Release 1 allows physical attackers to use custom font.

Attack Parameters

Attack Vector
Physical
Requires physical access
Attack Complexity
Low
Easy to exploit
Attack Requirements
None
No additional conditions
Privileges Required
None
No privileges needed
User Interaction
Active
User action required

Impact Assessment

Confidentiality
None
No data leak
Integrity
High
Complete data modification
Availability
None
No disruption

CVSS Vector v4.0

Weakness Type (CWE)

CWE-347 Improper Verification of Cryptographic Signature

Vulnerable Products 8

Configuration From (including) Up to (excluding)
Samsung Android
cpe:2.3:o:samsung:android:16.0:-:*:*:*:*:*:*
Samsung Android
cpe:2.3:o:samsung:android:16.0:smr-aug-2025-r1:*:*:*:*:*:*
Samsung Android
cpe:2.3:o:samsung:android:16.0:smr-dec-2025-r1:*:*:*:*:*:*
Samsung Android
cpe:2.3:o:samsung:android:16.0:smr-feb-2026-r1:*:*:*:*:*:*
Samsung Android
cpe:2.3:o:samsung:android:16.0:smr-jan-2026-r1:*:*:*:*:*:*
Samsung Android
cpe:2.3:o:samsung:android:16.0:smr-nov-2025-r1:*:*:*:*:*:*
Samsung Android
cpe:2.3:o:samsung:android:16.0:smr-oct-2025-r1:*:*:*:*:*:*
Samsung Android
cpe:2.3:o:samsung:android:16.0:smr-sep-2025-r1:*:*:*:*:*:*

References 1

https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=03
mobile.security@samsung.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-21014

Samsung

5.1

CVE-2026-21013

Samsung

6.9

CVE-2026-21003

Samsung

5.2

CVE-2025-52908

Samsung

9.8

CVE-2025-54601

Samsung

7.0