CVE-2026-21023
Insufficient Data Verification in PackageManagerService Enables Local Privilege Escalation
Publication date: 2026-04-29
Last updated on: 2026-05-01
Assigner: Samsung Mobile
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 15.0 |
| samsung | android | 15.0 |
| samsung | android | 15.0 |
| samsung | android | 14.0 |
| samsung | android | 14.0 |
| samsung | android | 15.0 |
| samsung | android | 15.0 |
| samsung | android | 14.0 |
| samsung | android | 15.0 |
| samsung | android | 16.0 |
| samsung | android | 14.0 |
| samsung | android | 15.0 |
| samsung | android | 16.0 |
| samsung | android | 14.0 |
| samsung | android | 15.0 |
| samsung | android | 16.0 |
| samsung | android | 14.0 |
| samsung | android | 15.0 |
| samsung | android | 16.0 |
| samsung | android | 14.0 |
| samsung | android | 15.0 |
| samsung | android | 16.0 |
| samsung | android | 14.0 |
| samsung | android | 15.0 |
| samsung | android | 16.0 |
| samsung | android | 15.0 |
| samsung | android | 15.0 |
| samsung | android | 14.0 |
| samsung | android | 15.0 |
| samsung | android | 16.0 |
| samsung | android | 14.0 |
| samsung | android | 15.0 |
| samsung | android | 16.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves insufficient verification of data authenticity in the PackageManagerService before the SMR Mar-2026 Release 1. It allows local attackers to modify the installation restrictions of specific applications.
How can this vulnerability impact me? :
Because local attackers can modify installation restrictions of specific applications, this vulnerability could allow unauthorized installation or modification of apps, potentially leading to security risks such as installation of malicious software or bypassing security policies.
Can you explain this vulnerability to me?
This vulnerability involves insufficient verification of data authenticity in the PackageManagerService before the SMR Mar-2026 Release 1. It allows local attackers to modify the installation restrictions of specific applications.
How can this vulnerability impact me? :
An attacker with local access could exploit this vulnerability to change installation restrictions on certain applications. This could potentially allow unauthorized installation or modification of applications, which may lead to security risks such as the introduction of malicious software or bypassing security policies.