CVE-2026-21023
MEDIUMDescription
Insufficient verification of data authenticity in PackageManagerService prior to SMR Mar-2026 Release 1 allows local attackers to modify the installation restriction of specific application.
Is your site exposed to CVE-2026-21023?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Affected Products
| Vendor | Product |
|---|---|
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
| samsung | android |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2026-21023? +
How severe is CVE-2026-21023? +
What products are affected by CVE-2026-21023? +
How do I check if I'm vulnerable to CVE-2026-21023? +
Related Vulnerabilities
Use After Free vulnerability in Samsung Open Source rLottie allows Remote Code Inclusion.This issue affects rLottie: V0.2.
Improper Input Validation vulnerability in Samsung Open Source rLottie allows Overread Buffers.This issue affects rLottie: V0.2.
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers …
Improper Input Validation vulnerability in Samsung Open Source rLottie allows Path Traversal.This issue affects rLottie: V0.2.
An issue was discovered in the GPU in Samsung Mobile Processor and Wearable Processor Exynos 1280, 2200, 1330, 1380, 1480, …
Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO …