CVE-2026-21010 PUBLISHED

Assigner: SamsungMobile
Reserved: 11.12.2025 Published: 13.04.2026 Updated: 13.04.2026

Improper input validation in Retail Mode prior to SMR Apr-2026 Release 1 allows local attackers to trigger privileged functions.

Metrics

CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 6.6

Product Status

Vendor Samsung Mobile
Product Samsung Mobile Devices
Versions Default: affected
  • unaffected from SMR Apr-2026 Release in Android 14, 15, 16 to * (excl.)

References

Problem Types

  • CWE-20 Improper Input Validation