CVE-2026-21020

Improper export of android application components in OmaCP prior to SMR May-2026 Release 1 allows local attackers to trigger privileged functions.

high 7.8 CVSS 3.1
Published: May 13, 2026
Modified: May 13, 2026
Vendor: Samsung
Product: Android
Versions: 14.0,15.0,16.0

Description

Improper export of android application components in OmaCP prior to SMR May-2026 Release 1 allows local attackers to trigger privileged functions.

References

Related CVEs

CVE-2026-8915 high · 8.8
Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 36f5fb58366a67b713c02f6fd985e924fcc09e31.
CVE-2026-21016 medium · 5.5
Incorrect privilege assignment in LocationManager prior to SMR May-2026 Release 1 allows local attackers to access sensitive information.
CVE-2026-21018 medium · 6.7
Out-of-bounds write in SveService prior to SMR May-2026 Release 1 allows local privileged attackers to execute arbitrary code.
CVE-2026-21021 medium · 6.8
Improper input validation in Routines prior to SMR May-2026 Release 1 allows physical attackers to launch privileged activity.
CVE-2026-21022 medium · 5.5
Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local attackers to access sensitive information.
CVE-2026-21015 medium · 5.5
Incorrect default permissions in FactoryCamera prior to SMR May-2026 Release 1 allows local attacker to access unique identifier.