CVE-2026-20988
Improper Intent Verification in Samsung Settings Enables Privileged Activity
Publication date: 2026-03-16
Last updated on: 2026-03-20
Assigner: Samsung Mobile
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| samsung | android | 16.0 |
| samsung | android | 16.0 |
| samsung | android | 16.0 |
| samsung | android | 16.0 |
| samsung | android | 16.0 |
| samsung | android | 16.0 |
| samsung | android | 16.0 |
| samsung | android | 16.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
Can you explain this vulnerability to me?
This vulnerability involves improper verification of intent by a broadcast receiver in the Samsung Settings application prior to the SMR March 2026 Release 1. It allows a local attacker to launch an arbitrary activity with Settings privileges. However, user interaction is required to trigger this vulnerability.
How can this vulnerability impact me? :
The vulnerability can allow a local attacker to execute arbitrary activities within the Settings application with elevated privileges. This could potentially lead to unauthorized changes in device settings or exposure of sensitive configurations, impacting device security and user privacy. However, exploitation requires user interaction.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know