Description
Improper export of android application components in Samsung Assistant prior to version 9.3.10.7 allows local attacker to access saved information.
Published: 2026-03-16
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Local information disclosure
Action: Apply patch
AI Analysis

Impact

Samsung Assistant prior to version 9.3.10.7 improperly exports Android application components, allowing a local attacker to read data stored by the assistant. This results in a confidentiality breach of user information that should remain private.

Affected Systems

The vulnerability affects Samsung Mobile’s Samsung Assistant on devices running any build earlier than 9.3.10.7. Versions 9.3.10.7 and later have corrected the component export handling, making the issue absent from those releases.

Risk and Exploitability

With a CVSS score of 4.8 the risk is considered low. The EPSS score of less than 1 % indicates that exploitation is unlikely. No remote attack vector is disclosed; the flaw is exploitable only by a local actor with physical or logical access to the device, for example a user in possession of the phone or a malicious app with user‑level permissions. There is no privilege escalation beyond the local context, and the vulnerability is not listed in CISA’s KEV catalog, further reducing immediate threat.

Generated by OpenCVE AI on April 8, 2026 at 23:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Samsung Assistant to a version newer than 9.3.10.7 when an update is available
  • If no update is available, uninstall or disable Samsung Assistant to eliminate the disclosure risk
  • Continuously monitor Samsung security advisories for additional patches or guidance

Generated by OpenCVE AI on April 8, 2026 at 23:09 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 09 Apr 2026 08:30:00 +0000

Type Values Removed Values Added
Title Local Information Disclosure via Improper Component Export in Samsung Assistant

Wed, 08 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Title Local Information Disclosure via Improper Component Export in Samsung Assistant
Weaknesses CWE-200

Tue, 07 Apr 2026 00:45:00 +0000

Type Values Removed Values Added
First Time appeared Samsung assistant
Weaknesses NVD-CWE-Other
CPEs cpe:2.3:a:samsung:assistant:*:*:*:*:*:*:*:*
Vendors & Products Samsung assistant
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

Sun, 29 Mar 2026 20:45:00 +0000

Type Values Removed Values Added
Title Local Information Disclosure via Improper Component Export in Samsung Assistant
Weaknesses CWE-200

Fri, 27 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
Title Local Access to Saved Information via Improper Component Export
Weaknesses CWE-284

Fri, 27 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
Title Local Access to Saved Information via Improper Component Export
Weaknesses CWE-284

Fri, 27 Mar 2026 08:45:00 +0000

Type Values Removed Values Added
Title Local Access to Saved Information via Improperly Exported Android Components
Weaknesses CWE-269
CWE-284

Thu, 26 Mar 2026 14:00:00 +0000

Type Values Removed Values Added
Title Local Access to Saved Information via Improperly Exported Android Components
Weaknesses CWE-269
CWE-284

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Title Local Data Exposure via Improper Export of Samsung Assistant Components
Weaknesses CWE-200
CWE-285

Wed, 25 Mar 2026 15:00:00 +0000

Type Values Removed Values Added
Title Local Data Exposure via Improper Export of Samsung Assistant Components
Weaknesses CWE-200
CWE-285

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Title Improper Export of Android Application Components in Samsung Assistant Exposes Stored Information
Weaknesses CWE-200
CWE-285

Tue, 24 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
Title Improper Export of Android Application Components in Samsung Assistant Exposes Stored Information
Weaknesses CWE-200
CWE-285

Tue, 17 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Samsung
Samsung samsung Assistant
Vendors & Products Samsung
Samsung samsung Assistant

Mon, 16 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 16 Mar 2026 04:45:00 +0000

Type Values Removed Values Added
Description Improper export of android application components in Samsung Assistant prior to version 9.3.10.7 allows local attacker to access saved information.
References
Metrics cvssV4_0

{'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N'}

Subscriptions

Samsung Assistant Samsung Assistant
cve-icon MITRE

Status: PUBLISHED

Assigner: SamsungMobile

Published:

Updated: 2026-03-16T13:19:36.779Z

Reserved: 2025-12-11T01:33:35.801Z

Link: CVE-2026-20993

cve-icon Vulnrichment

Updated: 2026-03-16T13:16:05.930Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-16T14:18:10.147

Modified: 2026-04-07T00:37:35.297

Link: CVE-2026-20993

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-09T08:29:49Z

Weaknesses