An improper access control flaw in the Emergency Sharing component allows a local attacker to interrupt its functioning. The flaw permits a user with local device access to stop the emergency sharing process, potentially preventing the timely transmission of critical information to emergency services. The vulnerability does not grant additional privileges or data exfiltration; its primary impact is denial of a safety‐related feature.

Samsung Mobile Devices running Android 14, 15, or 16, specifically on firmware versions prior to SMR February 2026 Release 1. All SMR releases listed in the CPE data—including the 2022‑2025 updates for Android 14, the 2025‑2026 releases for Android 15, and the 2025‑2026 releases for Android 16—are affected unless updated to the February 2026 security patch. Users on older Android versions without the proposed feature are not impacted.

The CVSS score of 6.9 reflects moderate impact and local execution, while the EPSS score of less than 1% indicates a very low likelihood of exploitation at this time. The vulnerability is not currently listed in the CISA KEV catalog, further suggesting limited active exploitation. Successful exploitation requires local access to the device, such as physical control or an already compromised environment. Once achieved, the attacker can cause a denial of the emergency sharing service but cannot gain higher privileges or exfiltrate data.