Description
Improper export of android application components in Galaxy Editing Service prior to SMR Jun-2026 Release 1 allows local attacker to execute privileged operations.
Published: 2026-06-05
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An Android application component in the Galaxy Editing Service was improperly exported before the SMR Jun‑2026 Release 1 update, allowing a local attacker with device access to invoke privileged operations. Based on the description, the attacker can execute actions that normally require higher system permissions, which may lead to changes in system state or access to restricted resources, but specific confidentiality or integrity impacts are not detailed in the advisory.

Affected Systems

Samsung Mobile Device users running the Galaxy Editing Service prior to the SMR Jun‑2026 Release 1 are affected. No further versioning information is provided beyond the pre‑release identifier; all devices that have not applied the Jun‑2026 update remain vulnerable.

Risk and Exploitability

With a CVSS score of 6.8 this vulnerability is considered medium severity. The EPSS score is < 1% and the exploit is not listed in CISA KEV. The likely attack vector is local, requiring the adversary to be on or physically access the device. The low EPSS probability indicates that exploitation is uncommon, but the possibility of local privilege escalation still makes this risk significant for devices that have not applied the latest security update.

Generated by OpenCVE AI on June 6, 2026 at 05:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the Samsung Mobile devices SMR Jun‑2026 Release 1 security update to address the improper export issue.
  • If the Galaxy Editing Service is not required, uninstall or disable the app to remove the vulnerable components.
  • Enforce strong device authentication and enable full device encryption to reduce the impact of any local attacker.

Generated by OpenCVE AI on June 6, 2026 at 05:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 06 Jun 2026 06:15:00 +0000

Type Values Removed Values Added
Title Improper Export of Android Application Components Leading to Local Privilege Escalation in Galaxy Editing Service

Sat, 06 Jun 2026 04:15:00 +0000

Type Values Removed Values Added
Title Local Privilege Escalation via Improper Export in Galaxy Editing Service
Weaknesses CWE-269
CWE-285

Sat, 06 Jun 2026 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Samsung android
Weaknesses NVD-CWE-Other
CPEs cpe:2.3:o:samsung:android:14.0:-:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-apr-2022-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-apr-2023-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-apr-2024-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-apr-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-apr-2026-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-aug-2022-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-aug-2023-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-aug-2024-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-aug-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-dec-2021-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-dec-2022-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-dec-2023-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-dec-2024-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-dec-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-feb-2022-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-feb-2023-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-feb-2024-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-feb-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-feb-2026-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-jan-2022-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-jan-2023-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-jan-2024-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-jan-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-jan-2026-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-jul-2022-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-jul-2023-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-jul-2024-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-jul-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-jun-2022-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-jun-2023-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-jun-2024-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-jun-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-mar-2022-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-mar-2023-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-mar-2024-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-mar-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-mar-2026-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-may-2022-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-may-2023-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-may-2024-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-may-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-may-2026-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-nov-2021-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-nov-2022-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-nov-2023-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-nov-2024-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-nov-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-oct-2022-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-oct-2023-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-oct-2024-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-oct-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-sep-2022-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-sep-2023-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-sep-2024-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:14.0:smr-sep-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:15.0:-:*:*:*:*:*:*
cpe:2.3:o:samsung:android:15.0:smr-apr-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:15.0:smr-apr-2026-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:15.0:smr-aug-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:15.0:smr-dec-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:15.0:smr-feb-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:15.0:smr-feb-2026-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:15.0:smr-jan-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:15.0:smr-jan-2026-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:15.0:smr-jul-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:15.0:smr-jun-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:15.0:smr-mar-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:15.0:smr-mar-2026-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:15.0:smr-may-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:15.0:smr-may-2026-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:15.0:smr-nov-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:15.0:smr-oct-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:15.0:smr-sep-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:16.0:-:*:*:*:*:*:*
cpe:2.3:o:samsung:android:16.0:smr-apr-2026-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:16.0:smr-aug-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:16.0:smr-dec-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:16.0:smr-feb-2026-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:16.0:smr-jan-2026-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:16.0:smr-mar-2026-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:16.0:smr-may-2026-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:16.0:smr-nov-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:16.0:smr-oct-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:16.0:smr-sep-2025-r1:*:*:*:*:*:*
Vendors & Products Samsung android
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Fri, 05 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 05 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Title Local Privilege Escalation via Improper Export in Galaxy Editing Service
Weaknesses CWE-269
CWE-285

Fri, 05 Jun 2026 11:45:00 +0000

Type Values Removed Values Added
First Time appeared Samsung
Samsung mobile Devices
Vendors & Products Samsung
Samsung mobile Devices

Fri, 05 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
Description Improper export of android application components in Galaxy Editing Service prior to SMR Jun-2026 Release 1 allows local attacker to execute privileged operations.
References
Metrics cvssV4_0

{'score': 6.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Samsung Android Mobile Devices
cve-icon MITRE

Status: PUBLISHED

Assigner: SamsungMobile

Published:

Updated: 2026-06-05T19:18:09.644Z

Reserved: 2025-12-11T01:33:35.805Z

Link: CVE-2026-21029

cve-icon Vulnrichment

Updated: 2026-06-05T19:18:04.467Z

cve-icon NVD

Status : Analyzed

Published: 2026-06-05T11:16:35.440

Modified: 2026-06-06T02:00:13.327

Link: CVE-2026-21029

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-06T06:00:14Z

Weaknesses