CVE-2026-21011
Received Received - Intake
Incorrect Privilege Assignment in Bluetooth Maintenance Mode Enables Bypass

Publication date: 2026-04-13

Last updated on: 2026-04-13

Assigner: Samsung Mobile

Description
Incorrect privilege assignment in Bluetooth in Maintenance mode prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Extend Unlock.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-13
Last Modified
2026-04-13
Generated
2026-05-07
AI Q&A
2026-04-13
EPSS Evaluated
2026-05-05
NVD
CVE-2026-21011
EUVD
EUVD-2026-21866
Affected Vendors & Products
Showing 79 associated CPEs
Vendor Product Version / Range
samsung android 14.0
samsung android 14.0
samsung android 14.0
samsung android 14.0
samsung android 14.0
samsung android 14.0
samsung android 14.0
samsung android 14.0
samsung android 14.0
samsung android 14.0
samsung android 14.0
samsung android 14.0
samsung android 14.0
samsung android 14.0
samsung android 14.0
samsung android 14.0
samsung android 14.0
samsung android 14.0
samsung android 14.0
samsung android 14.0
samsung android 14.0
samsung android 14.0
samsung android 14.0
samsung android 14.0
samsung android 14.0
samsung android 14.0
samsung android 14.0
samsung android 14.0
samsung android 14.0
samsung android 14.0
samsung android 14.0
samsung android 14.0
samsung android 14.0
samsung android 14.0
samsung android 14.0
samsung android 14.0
samsung android 14.0
samsung android 14.0
samsung android 14.0
samsung android 14.0
samsung android 14.0
samsung android 14.0
samsung android 14.0
samsung android 15.0
samsung android 15.0
samsung android 15.0
samsung android 14.0
samsung android 14.0
samsung android 15.0
samsung android 15.0
samsung android 14.0
samsung android 15.0
samsung android 16.0
samsung android 14.0
samsung android 15.0
samsung android 16.0
samsung android 14.0
samsung android 15.0
samsung android 16.0
samsung android 14.0
samsung android 15.0
samsung android 16.0
samsung android 14.0
samsung android 15.0
samsung android 16.0
samsung android 14.0
samsung android 15.0
samsung android 16.0
samsung android 15.0
samsung android 15.0
samsung android 14.0
samsung android 15.0
samsung android 16.0
samsung android 14.0
samsung android 15.0
samsung android 16.0
samsung android 14.0
samsung android 15.0
samsung android 16.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-732 The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :

The vulnerability allows physical attackers to bypass security controls related to Extend Unlock in Bluetooth Maintenance mode. This could potentially lead to unauthorized access or actions on the affected device, compromising its security.


Can you explain this vulnerability to me?

This vulnerability involves incorrect privilege assignment in the Bluetooth component when the device is in Maintenance mode. It affects versions prior to the SMR Apr-2026 Release 1. Due to this flaw, physical attackers can bypass the Extend Unlock security mechanism.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart