Impact
The vulnerability exists in Samsung Device Care on Samsung Mobile Devices before the SMR Apr-2026 Release 1. Improper handling of exceptional conditions allows a physical attacker to bypass the Knox Guard control, granting unauthorized access to protected functions and potentially sensitive device data. The weakness aligns with protection‑mechanism failure.
Affected Systems
Affected vendors: Samsung Mobile. Products: Samsung Mobile Devices running Device Care before SMR Apr-2026 Release 1. No specific OS or firmware versions are listed, so any model running firmware earlier than that release is potentially vulnerable.
Risk and Exploitability
The CVSS score of 4.4 indicates moderate severity, largely due to the need for physical proximity and lack of a public exploit. The EPSS score is not available, and the vulnerability is not in the CISA KEV catalog, suggesting no widespread exploitation has been reported. The most likely attack vector is a physical attacker with direct device access exploiting the exception path in Device Care to bypass Knox Guard.