Description
Improper privilege management in Samsung System Support Service prior to version 8.0.8.0 allows local attackers to trigger privileged functions.
Published: 2026-05-13
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw in Samsung System Support Service causes improper privilege management, permitting local users to invoke functions that require higher authority. This can lead to unauthorized manipulation or execution of privileged operations, compromising the integrity and confidentiality of device functions and user data.

Affected Systems

Samsung Mobile devices running Samsung System Support Service versions earlier than 8.0.8.0 are affected.

Risk and Exploitability

With a CVSS score of 6.3, the vulnerability is assessed as moderate severity. An attacker must have local access to the device, as the flaw is exploitable only from within the device’s environment. No EPSS score is available and the issue is not listed in CISA KEV, indicating no widespread exploitation is reported yet. If an adversary gains a local foothold, they can trigger privileged functions and potentially exploit further weaknesses.

Generated by OpenCVE AI on May 13, 2026 at 07:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Samsung System Support Service to version 8.0.8.0 or later
  • Ensure the device uses the updated service before allowing any privileged function calls
  • Limit local access to the service by enforcing device‑level authentication and role‑based controls


Advisories

No advisories yet.

History

Wed, 13 May 2026 15:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 13 May 2026 11:00:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Samsung Mobile; Samsung Mobile samsung System Support Service

Type: Vendors & Products
Values Removed: (none)
Values Added: Samsung Mobile; Samsung Mobile samsung System Support Service

Wed, 13 May 2026 07:30:00 +0000

Type: Title
Values Removed: (none)
Values Added: Local Privilege Escalation via Improper Privilege Management in Samsung System Support Service

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-269, CWE-284

Wed, 13 May 2026 06:00:00 +0000

Type: Description
Values Removed: (none)
Values Added: Improper privilege management in Samsung System Support Service prior to version 8.0.8.0 allows local attackers to trigger privileged functions.

Type: References
Values Removed: (none)
Values Added:

Type: Metrics
Values Removed: (none)
Values Added: cvssV4_0 {'score': 6.3, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:H'}


Subscriptions

Samsung Mobile Samsung System Support Service
MITRE

Status: PUBLISHED

Assigner: SamsungMobile

Published:

Updated: 2026-05-13T14:43:07.389Z

Reserved: 2025-12-11T01:33:35.805Z

Link: CVE-2026-21024

Vulnrichment

Updated: 2026-05-13T14:43:03.838Z

NVD

Status: Awaiting Analysis

Published: 2026-05-13T06:16:13.920

Modified: 2026-05-13T15:33:53.233

Link: CVE-2026-21024

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-13T10:34:51Z

Weaknesses