Impact
Improper export of Android application components in Samsung Secure Folder before the March 2026 security update allows a local attacker to launch arbitrary activities with Secure Folder privileges. The defect arises from components marked as exported, which can be invoked from outside the private storage area, granting the attacker the ability to execute code with elevated rights. This could enable unauthorized access to, modification of, or exfiltration of data protected inside Secure Folder and could trigger actions that normally require the user’s authentication.
Affected Systems
The vulnerability impacts Samsung mobile devices running Android 14.0, 15.0 or 16.0 that include a Secure Folder implementation prior to the SMR Mar‑2026 Release 1 patch. All builds listed in the provided CPE inventory up through that release are susceptible; newer builds containing the March 2026 update are not affected.
Risk and Exploitability
A CVSS score of 8.4 denotes high severity, while the EPSS probability is below 1 %, implying low current exploitation likelihood. Exploitation requires local device or physical access; the attacker can trigger the exported component to run code in the Secure Folder context, potentially compromising data or performing unauthorized actions. No publicly available exploits are documented and the flaw is not recorded in the known exploited vulnerabilities catalogue.