CVE-2026-21033
Received
Received - Intake
Improper Component Export in Samsung Assistant
Publication date: 2026-06-05
Last updated on: 2026-06-05
Assigner: Samsung Mobile
Description
Description
Improper export of android application components in ExpressHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| samsung | assistant | to 9.3.14 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves an improper export of Android application components in the ExpressHomeWidgetReceiver of Samsung Assistant versions prior to 9.3.14. It allows a local attacker to execute arbitrary scripts on the affected device.
How can this vulnerability impact me? :
The vulnerability can allow a local attacker to execute arbitrary scripts, which may lead to unauthorized actions or compromise of the device's security. This could result in data manipulation, unauthorized access, or other malicious activities depending on the attacker's intent.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70