Description
Exposure of sensitive information in S Share prior to SMR Apr-2026 Release 1 allows adjacent attacker to access sensitive information.
Published: 2026-04-13
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive Data Exposure
Action: Patch Now
AI Analysis

Impact

The vulnerability arises within Samsung’s S Share feature of the Android operating system, allowing private information to be unintentionally exposed before the April 2026 SMR Release 1 update. An attacker positioned near the device can access this data, potentially revealing personal or device‑specific details. This flaw involves insufficient controls over who may read the shared content, resulting in a breach of confidentiality while leaving integrity and availability unaffected.

Affected Systems

Samsung Mobile Devices that run Android 14.0, Android 15.0 or Android 16.0, and have not yet received the April 2026 SMR Release 1 update. All models equipped with the S Share capability are impacted until the security patch is installed.

Risk and Exploitability

The reported impact score of 5.1 denotes a moderate risk level. The probability of exploitation is low, with very few recent attacks observed. The vulnerability is not listed in CISA’s known exploited vulnerabilities catalog, indicating that large‑scale exploitation has not yet occurred. The likely attack scenario requires physical or local proximity to the device, often involving a user‑initiated sharing action or nearby file access.

Generated by OpenCVE AI on April 14, 2026 at 17:59 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the Samsung April 2026 SMR Release 1 update on affected devices
  • If the update cannot be applied immediately, disable the S Share feature until the patch is available
  • Verify that the device’s operating system has been updated to a patched version via the system settings or the Samsung security update portal

Generated by OpenCVE AI on April 14, 2026 at 17:59 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 15 Apr 2026 16:00:00 +0000

Type Values Removed Values Added
Title Sensitive Data Exposure in Samsung S Share Before April 2026 Update
Weaknesses CWE-200
CWE-284

Tue, 14 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
Title Sensitive Data Exposure via S Share in Samsung Mobile Devices
Weaknesses CWE-200
CWE-284

Mon, 13 Apr 2026 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Samsung android
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:samsung:android:14.0:-:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-apr-2022-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-apr-2023-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-apr-2024-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-apr-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-aug-2022-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-aug-2023-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-aug-2024-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-aug-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-dec-2021-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-dec-2022-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-dec-2023-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-dec-2024-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-dec-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-feb-2022-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-feb-2023-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-feb-2024-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-feb-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-feb-2026-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-jan-2022-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-jan-2023-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-jan-2024-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-jan-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-jan-2026-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-jul-2022-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-jul-2023-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-jul-2024-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-jul-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-jun-2022-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-jun-2023-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-jun-2024-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-jun-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-mar-2022-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-mar-2023-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-mar-2024-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-mar-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-mar-2026-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-may-2022-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-may-2023-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-may-2024-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-may-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-nov-2021-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-nov-2022-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-nov-2023-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-nov-2024-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-nov-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-oct-2022-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-oct-2023-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-oct-2024-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-oct-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-sep-2022-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-sep-2023-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-sep-2024-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-sep-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:15.0:-:*:*:*:*:*:*
cpe:2.3:o:samsung:android:15.0:smr-apr-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:15.0:smr-aug-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:15.0:smr-dec-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:15.0:smr-feb-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:15.0:smr-feb-2026-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:15.0:smr-jan-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:15.0:smr-jan-2026-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:15.0:smr-jul-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:15.0:smr-jun-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:15.0:smr-mar-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:15.0:smr-mar-2026-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:15.0:smr-may-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:15.0:smr-nov-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:15.0:smr-oct-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:15.0:smr-sep-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:16.0:-:*:*:*:*:*:*
cpe:2.3:o:samsung:android:16.0:smr-aug-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:16.0:smr-dec-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:16.0:smr-feb-2026-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:16.0:smr-jan-2026-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:16.0:smr-mar-2026-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:16.0:smr-nov-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:16.0:smr-oct-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:16.0:smr-sep-2025-r1:*:*:*:*:*:*
Vendors & Products Samsung android
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Mon, 13 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Title Sensitive Data Exposure via S Share in Samsung Mobile Devices
Weaknesses CWE-200
CWE-284

Mon, 13 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Samsung
Samsung mobile Devices
Samsung Mobile
Samsung Mobile samsung Mobile Devices
Vendors & Products Samsung
Samsung mobile Devices
Samsung Mobile
Samsung Mobile samsung Mobile Devices

Mon, 13 Apr 2026 06:15:00 +0000

Type Values Removed Values Added
Description Exposure of sensitive information in S Share prior to SMR Apr-2026 Release 1 allows adjacent attacker to access sensitive information.
References
Metrics cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Samsung Android Mobile Devices
Samsung Mobile Samsung Mobile Devices
cve-icon MITRE

Status: PUBLISHED

Assigner: SamsungMobile

Published:

Updated: 2026-04-13T13:57:52.407Z

Reserved: 2025-12-11T01:33:35.803Z

Link: CVE-2026-21008

cve-icon Vulnrichment

Updated: 2026-04-13T13:57:47.865Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-13T06:16:05.360

Modified: 2026-04-13T18:38:06.243

Link: CVE-2026-21008

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-15T15:45:07Z

Weaknesses