MEDIUM
Samsung Mobile
CVE published 2026-03-16
CVE-2026-20994
A URL redirection vulnerability in Samsung Account prior to version 15.5.01.1 allows local attackers to potentially obtain access tokens. The vulnerability, published March 16, 2026 and last modified May 20, 2026, stems from improper URL redirection handling (CWE-601) that could enable token theft by a local, unprivileged attacker. The CVSS 4.0 vector indicates local attack vector with low attack complexi [truncated]