Vulnerability in Samsung Mobile Devices
CVE-2026-20988
Improper verification of intent by broadcast receiver in Settings prior to SMR Mar-2026 Release 1 allows local attacker to launch arbitrary activity with Settings privilege. User interaction is required for triggering this vulnerability.
EPSS: 0.000 (5.1th percentile) — read the EPSS interpretation.
Affected products
- Samsung Mobile Devices — versions SMR Mar-2026 Release in Android 16