Impact
This vulnerability allows an attacker who is adjacent to a Samsung mobile device to read sensitive information through the S Share feature on devices that have not installed the SMR Apr‑2026 Release 1 update. The flaw discloses private data, such as shared files or personal information, compromising user confidentiality. The weakness stems from inadequate access control (CWE‑200) and improper privilege management (CWE‑284).
Affected Systems
The issue affects Samsung Mobile Devices running Android 14 across a range of SMR updates from Dec‑2021 to Apr‑2026, as well as Android 15 and 16 releases covered by the listed SMR release cycles. All devices that have not applied the SMR Apr‑2026 Release 1 patch are vulnerable.
Risk and Exploitability
With a CVSS score of 5.1, the vulnerability is assessed as moderate severity. The EPSS score is below 1%, indicating a low probability of exploitation, and it is not listed in the CISA KEV catalog. The most likely attack vector is local—an attacker must be in close proximity to the target device to leverage the S Share functionality. If successful, the attacker could access sensitive data, leading to confidentiality loss. The overall risk to users is moderate but can be mitigated with the official update.