CVE-2026-20994

URL redirection in Samsung Account prior to version 15.5.01.1 allows local attackers to potentially get access token.

medium 6.1 CVSS 3.1
Published: Mar 16, 2026
Modified: May 29, 2026
Vendor: Samsung
Product: Account

Description

URL redirection in Samsung Account prior to version 15.5.01.1 allows local attackers to potentially get access token.

References

Related CVEs

CVE-2026-8915 high · 8.8
Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 36f5fb58366a67b713c02f6fd985e924fcc09e31.
CVE-2026-21016 medium · 5.5
Incorrect privilege assignment in LocationManager prior to SMR May-2026 Release 1 allows local attackers to access sensitive information.
CVE-2026-21018 medium · 6.7
Out-of-bounds write in SveService prior to SMR May-2026 Release 1 allows local privileged attackers to execute arbitrary code.
CVE-2026-21020 high · 7.8
Improper export of android application components in OmaCP prior to SMR May-2026 Release 1 allows local attackers to trigger privileged functions.
CVE-2026-21021 medium · 6.8
Improper input validation in Routines prior to SMR May-2026 Release 1 allows physical attackers to launch privileged activity.
CVE-2026-21022 medium · 5.5
Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local attackers to access sensitive information.