Impact
This vulnerability arises from incorrect privilege assignment in the Telephony component of Samsung Mobile Devices. An attacker who can execute code locally on the device may exploit this misconfiguration to elevate privileges within the Telephony process and subsequently read sensitive data that should be protected.
Affected Systems
The issue affects Samsung Mobile Devices running firmware versions prior to the SMR Jun-2026 Release 1 update. Devices with earlier builds are susceptible unless updated. No specific model or software version numbers are detailed within the advisory.
Risk and Exploitability
The CVSS score of 6.9 indicates a moderate severity flaw. The EPSS score is < 1%, indicating a very low probability of exploitation, and the vulnerability is not catalogued in the CISA KEV list. Because the vulnerability is local, an attacker would need some form of local access, such as physical possession or a prior foothold on the device, to exploit it. With that access, the attacker could read sensitive Telephony data.
OpenCVE Enrichment