PatchSiren cyber security CVE debrief
CVE-2026-21034 Samsung Mobile CVE debrief
CVE-2026-21034 is a medium-severity vulnerability affecting Samsung Auto. The issue arises from the improper export of Android application components, allowing a local attacker to change audio configurations. This vulnerability impacts Samsung Auto versions prior to 3.1.2.61 on Android 15 and 3.2.0.38 on Android 16.
- Vendor
- Samsung Mobile
- Product
- Samsung Auto
- CVSS
- MEDIUM 4.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-05
- Original CVE updated
- 2026-06-05
- Advisory published
- 2026-06-05
- Advisory updated
- 2026-06-05
Who should care
Users of Samsung Auto on Android 15 and 16 should be aware of this vulnerability. Specifically, those with versions prior to 3.1.2.61 on Android 15 and 3.2.0.38 on Android 16 are at risk.
Technical summary
The vulnerability has a CVSS score of 4.8 and is classified as medium severity. It allows a local attacker to change audio configurations due to improper export of Android application components in Samsung Auto.
Defensive priority
Medium
Recommended defensive actions
- Update Samsung Auto to version 3.1.2.61 or later on Android 15 devices.
- Update Samsung Auto to version 3.2.0.38 or later on Android 16 devices.
Evidence notes
The CVE was published on June 5, 2026, and last modified on the same day. The vendor is listed as 'Unknown Vendor', but evidence suggests the product is from Samsung.
Official resources
-
CVE-2026-21034 CVE record
CVE.org
-
CVE-2026-21034 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2026-21034 was published on June 5, 2026, and last modified on the same day.