PatchSiren cyber security CVE debrief
CVE-2026-21028 Samsung Mobile CVE debrief
CVE-2026-21028 is a medium-severity vulnerability in the AuditLogService of Samsung devices prior to SMR Jun-2026 Release 1. The vulnerability, with a CVSS score of 5.1, allows local attackers to access sensitive information due to improper access control.
- Vendor: Samsung Mobile
- Product: Samsung Mobile Devices
- CVSS: MEDIUM 5.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-05
- Original CVE updated: 2026-06-06
- Advisory published: 2026-06-05
- Advisory updated: 2026-06-06
Who should care
Users of Samsung devices, particularly those using versions prior to SMR Jun-2026 Release 1, should be aware of this vulnerability and take necessary precautions.
Technical summary
The vulnerability is caused by improper access control in the AuditLogService, which allows local attackers to access sensitive information. The CVSS vector for this vulnerability is CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.
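The vector above is mostly Not Defined (`X`) placeholders. The following added example (not code from PatchSiren, NVD or Samsung) validates a CVSS v4.0 vector and reduces it to the metrics that are actually set; the function names `parse_cvss4` and `compact` are illustrative.

```python
# Added example (not PatchSiren, NVD or Samsung code): decode a CVSS v4.0 vector.
SEV = {"H": "High", "L": "Low", "N": "None"}
BASE = {  # the eleven mandatory CVSS v4.0 base metrics and their legal values
    "AV": {"N": "Network", "A": "Adjacent", "L": "Local", "P": "Physical"},
    "AC": {"L": "Low", "H": "High"},
    "AT": {"N": "None", "P": "Present"},
    "PR": SEV,
    "UI": {"N": "None", "P": "Passive", "A": "Active"},
    **{m: SEV for m in ("VC", "VI", "VA", "SC", "SI", "SA")},
}

def parse_cvss4(vector):
    """Return (base, optional): decoded base metrics, and optional metrics that are set."""
    prefix, _, rest = vector.partition("/")
    if prefix != "CVSS:4.0":
        raise ValueError("not a CVSS v4.0 vector")
    base, optional, seen = {}, {}, set()
    for part in rest.split("/"):
        name, sep, value = part.partition(":")
        if not sep or not value:
            raise ValueError(f"malformed metric: {part!r}")
        if name in seen:
            raise ValueError(f"duplicate metric: {name}")
        seen.add(name)
        if name in BASE:
            if value not in BASE[name]:
                raise ValueError(f"invalid value {value!r} for {name}")
            base[name] = BASE[name][value]
        elif value != "X":  # X means Not Defined and adds no information
            optional[name] = value
    missing = [m for m in BASE if m not in base]
    if missing:
        raise ValueError(f"missing base metrics: {missing}")
    return base, optional

def compact(vector):
    """Validate, then drop every Not Defined (X) metric from the string."""
    parse_cvss4(vector)
    return "/".join(p for p in vector.split("/") if not p.endswith(":X"))

# Vector string copied from this page.
VECTOR = ("CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/"
          "E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/"
          "MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X")

if __name__ == "__main__":
    base, optional = parse_cvss4(VECTOR)
    print(compact(VECTOR))
    print(base, optional)
```

For this CVE the decoded base metrics show a local attack vector with no privileges or user interaction required, and low impact on both confidentiality and integrity of the vulnerable system.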
Defensive priority
Medium
Recommended defensive actions
- Apply the security patch released by Samsung for SMR Jun-2026 Release 1 or later.
- Use secure practices when handling sensitive information.
- Limit access to sensitive data and services.
Evidence notes
The information provided is based on data from the National Vulnerability Database (NVD) and Samsung's official security update page.
Official resources
- CVE-2026-21028 CVE record: CVE.org
- CVE-2026-21028 NVD detail: NVD
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Vendor Advisory
CVE-2026-21028 was published on 2026-06-05T11:16:35.327Z and modified on 2026-06-06T02:00:22.073Z.