Description
Improper access control in Samsung Camera prior to version 16.5.00.28 allows local attacker to access location data. User interaction is required for triggering this vulnerability.
Published: 2026-04-13
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Location data disclosure
Action: Apply patch
AI Analysis

Impact

This vulnerability arises from improper access control in the Samsung Camera application, enabling a local attacker to retrieve the device's location data. The primary impact is a privacy breach, where sensitive location information becomes available to an attacker who can access the device. The weakness corresponds to CWE‑284, where insecure permissions allow unauthorized data access.

Affected Systems

Samsung Mobile devices running the Camera application version lower than 16.5.00.28 are affected. The issue is present in all releases of Samsung Camera before that build, regardless of device model or region.

Risk and Exploitability

The CVSS score of 5.1 indicates a medium severity level, and the vendor has not listed this vulnerability in the CISA KEV catalog. The likelihood of exploitation is uncertain due to the requirement of user interaction and the fact that the attacker must have local physical or acquaintance access to the target device. However, once the conditions are met, the attacker can obtain the device’s location data without additional privileges.

Generated by OpenCVE AI on April 13, 2026 at 07:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Samsung Camera to version 16.5.00.28 or newer
  • If immediate update is not available, restrict the camera app’s location permission or disable location access for the app
  • Check Samsung security advisories for any new updates or workarounds

Generated by OpenCVE AI on April 13, 2026 at 07:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 13 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Title Local Attacker Can Access Location Data via Improper Access Control in Samsung Camera
Weaknesses CWE-284

Mon, 13 Apr 2026 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Samsung Mobile
Samsung Mobile samsung Camera
Vendors & Products Samsung Mobile
Samsung Mobile samsung Camera

Mon, 13 Apr 2026 06:15:00 +0000

Type Values Removed Values Added
Description Improper access control in Samsung Camera prior to version 16.5.00.28 allows local attacker to access location data. User interaction is required for triggering this vulnerability.
References
Metrics cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Samsung Mobile Samsung Camera
cve-icon MITRE

Status: PUBLISHED

Assigner: SamsungMobile

Published:

Updated: 2026-04-13T14:31:18.617Z

Reserved: 2025-12-11T01:33:35.803Z

Link: CVE-2026-21014

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-13T06:16:06.140

Modified: 2026-04-13T15:01:43.663

Link: CVE-2026-21014

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-13T12:52:54Z

Weaknesses