PatchSiren

CVE-2026-21033 Samsung CVE debrief

CVE-2026-21033 is a medium-severity vulnerability in the Samsung Assistant application. The issue arises from the improper export of Android application components in the ExpressHomeWidgetReceiver, which allows local attackers to execute arbitrary scripts. This vulnerability was published on 2026-06-05 and modified on 2026-06-11.

Vendor: Samsung
Product: Assistant
CVSS: MEDIUM 6.9
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-05
Original CVE updated: 2026-06-11
Advisory published: 2026-06-05
Advisory updated: 2026-06-11

Who should care

Users of Samsung Assistant prior to version 9.3.14 should update to the latest version to mitigate this vulnerability. Local attackers could exploit this issue to execute arbitrary scripts.

Technical summary

The vulnerability is caused by the improper export of Android application components in the ExpressHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14. This allows local attackers to execute arbitrary scripts. The CVSS score for this vulnerability is 6.9, indicating a medium severity level.

Defensive priority

The CVSS score for this vulnerability is 6.9, indicating a medium severity level. Users of Samsung Assistant prior to version 9.3.14 should update to the latest version to mitigate this vulnerability.

Recommended defensive actions

  • Update Samsung Assistant to version 9.3.14 or later.

Evidence notes

The vulnerability was published on 2026-06-05 and modified on 2026-06-11. The CVSS vector for this vulnerability is CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.

Official resources

CVE-2026-21033 was published on 2026-06-05T11:16:35.897Z and modified on 2026-06-11T19:43:25.763Z.