Impact
The vulnerability exists in the PackageManagerService of Samsung Mobile Devices, where insufficient verification of data authenticity allows a local attacker to alter the installation restriction of a specific application. Changing that restriction can let the attacker install rogue or unauthenticated apps and bypass device security controls; this consequence is inferred from the description rather than stated explicitly. The impact is an elevation of privilege at the device level.
Affected Systems
Samsung Mobile Devices running Android 14, Android 15, or Android 16, including all security maintenance releases (SMR) prior to SMR Mar‑2026 Release 1. Any device not updated to the March 2026 security patch is potentially vulnerable; the CPE list confirms coverage across all quarterly updates for versions 14.0, 15.0, and 16.0.
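The affected-version statement above maps directly onto two properties every Android device exposes through `getprop`: the Android release and the security patch level. The following script is an added example (not from the OpenCVE page or from Samsung) that a fleet operator could run over collected `adb shell getprop` output to flag devices still on a pre-March-2026 patch level. It assumes that the fixed builds carry a security patch level of 2026-03-01 or later (an assumption derived from "prior to SMR Mar-2026 Release 1"); the sample `getprop` output is constructed for the example.

```python
"""Flag Samsung devices whose security patch level predates the March 2026 SMR.

Added example, not code from the OpenCVE page or from Samsung.
Assumption: a security patch level of 2026-03-01 or later means the
device has received SMR Mar-2026 Release 1.
"""
from datetime import date

# Major Android releases named on the page as affected.
AFFECTED_RELEASES = {"14", "15", "16"}
# Assumption: first patch level that contains the fix.
FIX_PATCH_LEVEL = date(2026, 3, 1)


def parse_getprop(output: str) -> dict:
    """Parse `adb shell getprop` output lines of the form `[key]: [value]`."""
    props = {}
    for line in output.splitlines():
        line = line.strip()
        if not (line.startswith("[") and line.endswith("]") and "]: [" in line):
            continue
        key, _, value = line[1:-1].partition("]: [")
        props[key] = value
    return props


def is_potentially_affected(props: dict) -> bool:
    """Return True when the device matches the affected range on the page.

    Devices whose patch level cannot be parsed are treated as unpatched,
    which is the safer default for an inventory check.
    """
    manufacturer = props.get("ro.product.manufacturer", "").lower()
    release = props.get("ro.build.version.release", "")
    patch_level = props.get("ro.build.version.security_patch", "")
    if manufacturer != "samsung":
        return False
    if release.split(".")[0] not in AFFECTED_RELEASES:
        return False
    try:
        patch_date = date.fromisoformat(patch_level)
    except ValueError:
        return True
    return patch_date < FIX_PATCH_LEVEL


def check_device(output: str) -> str:
    """Summarise one device's getprop output as 'affected' or 'not affected'."""
    return "affected" if is_potentially_affected(parse_getprop(output)) else "not affected"


# Constructed sample output from two hypothetical devices.
SAMPLE_UNPATCHED = """
[ro.product.manufacturer]: [samsung]
[ro.build.version.release]: [15]
[ro.build.version.security_patch]: [2026-02-01]
"""

SAMPLE_PATCHED = """
[ro.product.manufacturer]: [samsung]
[ro.build.version.release]: [16]
[ro.build.version.security_patch]: [2026-03-01]
"""

if __name__ == "__main__":
    for name, sample in (("device-A", SAMPLE_UNPATCHED), ("device-B", SAMPLE_PATCHED)):
        print(f"{name}: {check_device(sample)}")
```

In practice the `getprop` output would come from `adb shell getprop` or from an MDM inventory export; the check only needs the three properties read above, so other fields in the dump are ignored.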
Risk and Exploitability
The vulnerability carries a CVSS score of 6.9, indicating a moderate impact if exploited locally. The EPSS score is less than 1%, denoting a low probability of automated exploitation, and the vulnerability is not listed in CISA’s KEV catalog. Because exploitation requires physical or local access to the device, the risk is confined to situations where a local actor can interact with the device’s environment. It is inferred that an attacker would need privileged local access to modify the package manager configuration to manipulate installation restrictions.
OpenCVE Enrichment