CVE-2026-20989
Improper Signature Verification in Font Settings Enables Unauthorized Font Use
Publication date: 2026-03-16
Last updated on: 2026-03-20
Assigner: Samsung Mobile
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| samsung | android | 16.0 |
| samsung | android | 16.0 |
| samsung | android | 16.0 |
| samsung | android | 16.0 |
| samsung | android | 16.0 |
| samsung | android | 16.0 |
| samsung | android | 16.0 |
| samsung | android | 16.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-347 | The product does not verify, or incorrectly verifies, the cryptographic signature for data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves improper verification of cryptographic signatures in the Font Settings component of Samsung devices prior to the SMR Mar-2026 Release 1.
Because of this flaw, physical attackers can exploit the system by using custom fonts that are not properly verified, potentially bypassing security measures.
How can this vulnerability impact me? :
The vulnerability allows physical attackers to use custom fonts by bypassing cryptographic signature verification.
This could lead to unauthorized modifications or manipulations of the device's font settings, which might be leveraged for further attacks or to compromise device integrity.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know