CVE-2026-20988

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-20988
Improper verification of intent by broadcast receiver in Settings prior to SMR Mar-2026 Release 1 allows local attacker to launch arbitrary activity with Settings privilege. User interaction is required for triggering this vulnerability.

5.0 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.3 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=03 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:samsung:android:16.0:-:*:*:*:*:*:*
cpe:2.3:o:samsung:android:16.0:smr-aug-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:16.0:smr-dec-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:16.0:smr-feb-2026-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:16.0:smr-jan-2026-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:16.0:smr-nov-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:16.0:smr-oct-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:16.0:smr-sep-2025-r1:*:*:*:*:*:*
History

20 Mar 2026, 14:29

Type Values Removed Values Added
CPE cpe:2.3:o:samsung:android:16.0:smr-nov-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:16.0:smr-aug-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:16.0:smr-dec-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:16.0:-:*:*:*:*:*:*
cpe:2.3:o:samsung:android:16.0:smr-sep-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:16.0:smr-jan-2026-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:16.0:smr-oct-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:16.0:smr-feb-2026-r1:*:*:*:*:*:*
Summary
  • (es) Verificación incorrecta de la intención por el receptor de difusión en Ajustes antes de la versión SMR Mar-2026 Release 1 permite al atacante local lanzar actividad arbitraria con privilegio de Ajustes. Se requiere interacción del usuario para activar esta vulnerabilidad.
First Time Samsung android
Samsung
References () https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=03 - () https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=03 - Vendor Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.0
CWE NVD-CWE-Other

16 Mar 2026, 14:18

Type Values Removed Values Added
New CVE
Information

Published : 2026-03-16 14:18

Updated : 2026-03-20 14:29

NVD link : CVE-2026-20988

Mitre link : CVE-2026-20988

CVE.ORG link : CVE-2026-20988

JSON object : View

Products Affected

samsung

  • android
CWE
NVD-CWE-Other