Improper export of android application components in OmaCP prior to SMR May-2026 Release 1 allows local attackers to trigger privileged functions.
PUBLISHED5.2
Problem type
- CWE-926: Improper Export of Android Application Components
Affected products
Samsung Mobile
Samsung Mobile Devices
< * - UNAFFECTED
References
JSON source
https://cveawg.mitre.org/api/cve/CVE-2026-21020Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2026-21020",
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"dateUpdated": "2026-05-13T04:56:23.189Z",
"dateReserved": "2025-12-11T01:33:35.804Z",
"datePublished": "2026-05-13T04:56:23.189Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile",
"dateUpdated": "2026-05-13T04:56:23.189Z"
},
"descriptions": [
{
"lang": "en",
"value": "Improper export of android application components in OmaCP prior to SMR May-2026 Release 1 allows local attackers to trigger privileged functions."
}
],
"affected": [
{
"vendor": "Samsung Mobile",
"product": "Samsung Mobile Devices",
"defaultStatus": "affected",
"versions": [
{
"version": "SMR May-2026 Release in Android 14, 15, 16",
"status": "unaffected",
"versionType": "semver",
"lessThan": "*"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "CWE-926: Improper Export of Android Application Components"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=05"
}
],
"metrics": [
{
"format": "CVSS"
}
]
}
}
}