CVE-2026-21012
Received
Received - Intake
Privilege Escalation via Filename Control in AODManager
Publication date: 2026-04-13
Last updated on: 2026-04-13
Assigner: Samsung Mobile
Description
Description
External control of file name in AODManager prior to SMR Apr-2026 Release 1 allows privileged local attacker to create file with system privilege.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 15.0 |
| samsung | android | 15.0 |
| samsung | android | 15.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 15.0 |
| samsung | android | 15.0 |
| samsung | android | 14.0 |
| samsung | android | 15.0 |
| samsung | android | 16.0 |
| samsung | android | 14.0 |
| samsung | android | 15.0 |
| samsung | android | 16.0 |
| samsung | android | 14.0 |
| samsung | android | 15.0 |
| samsung | android | 16.0 |
| samsung | android | 14.0 |
| samsung | android | 15.0 |
| samsung | android | 16.0 |
| samsung | android | 14.0 |
| samsung | android | 15.0 |
| samsung | android | 16.0 |
| samsung | android | 14.0 |
| samsung | android | 15.0 |
| samsung | android | 16.0 |
| samsung | android | 15.0 |
| samsung | android | 15.0 |
| samsung | android | 14.0 |
| samsung | android | 15.0 |
| samsung | android | 16.0 |
| samsung | android | 14.0 |
| samsung | android | 15.0 |
| samsung | android | 16.0 |
| samsung | android | 14.0 |
| samsung | android | 15.0 |
| samsung | android | 16.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the external control of a file name in the AODManager component prior to the SMR Apr-2026 Release 1. It allows a privileged local attacker to create a file with system-level privileges by manipulating the file name.
How can this vulnerability impact me? :
An attacker with local privileged access could exploit this vulnerability to create files with system privileges. This could lead to unauthorized modification or creation of system files, potentially compromising system integrity or enabling further attacks.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70