PatchSiren cyber security CVE debrief
CVE-2026-21026 Samsung Mobile CVE debrief
CVE-2026-21026 is a MEDIUM-severity vulnerability (CVSS Score: 6.4) affecting Samsung's SpriteWallpaper application on Android devices. The issue arises from the improper export of Android application components, allowing local attackers to access sensitive information. The vulnerability was published on 2026-06-05T11:16:35.093Z and modified on 2026-06-06T02:00:55.580Z.
- Vendor
- Samsung Mobile
- Product
- Samsung Mobile Devices
- CVSS
- MEDIUM 6.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-05
- Original CVE updated
- 2026-06-06
- Advisory published
- 2026-06-05
- Advisory updated
- 2026-06-06
Who should care
Android users with devices running Samsung's SpriteWallpaper application prior to SMR Jun-2026 Release 1 should be aware of this vulnerability. Local attackers could exploit this issue to access sensitive information.
Technical summary
The vulnerability is caused by the improper export of Android application components in SpriteWallpaper. This allows local attackers to access sensitive information. The CVSS vector for this vulnerability is CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.
Defensive priority
MEDIUM
Recommended defensive actions
- Users should update their Samsung devices to SMR Jun-2026 Release 1 or later to patch this vulnerability.
- Use secure practices when granting permissions to applications, especially those with access to sensitive information.
Evidence notes
The CVE record and details were obtained from official sources, including CVE.org and NVD.
Official resources
-
CVE-2026-21026 CVE record
CVE.org
-
CVE-2026-21026 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
CVE-2026-21026 was published on 2026-06-05T11:16:35.093Z and modified on 2026-06-06T02:00:55.580Z.