Description
Improper authorization in AppBlock prior to SMR Jun-2026 Release 1 allows local attacker to launch arbitrary activity. User interaction is required for triggering this vulnerability.
Published: 2026-06-05
Score: 5.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A local attacker who can interact with the device is able to misuse AppBlock, a feature in Samsung Mobile Devices, to launch arbitrary activities that normally would require proper authorization. This flaw stems from an improper authorization check that allows privileged actions to be performed without the expected permissions. The result is that malicious code could invoke any system activity, potentially leading to unintended behavior or data exposure.

Affected Systems

All Samsung mobile devices that run AppBlock prior to the SMR Jun‑2026 Release 1 are affected. No specific device models or operating‑system versions are listed, so the vulnerability should be assumed to impact every device using the aforementioned component. The lack of detailed version information means vulnerable devices cannot be identified without consulting Samsung’s release notes for the SmR Jun‑2026 Release 1 update.

Risk and Exploitability

The CVSS score of 5.2 indicates a moderate level of severity. The EPSS score is very low, less than 1 percent, meaning a small but non‑zero likelihood of exploitation. Since the vulnerability is not listed in the CISA KEV catalog, no known widespread exploitation is documented. The flaw requires local access and user interaction to trigger. While the attack surface is limited, the ability to launch arbitrary activities could allow an attacker to perform privileged actions, potentially causing data exposure or system instability. Therefore the risk remains moderate but warrants timely patching.

Generated by OpenCVE AI on June 6, 2026 at 03:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the SMR Jun‑2026 Release 1 update from Samsung to correct the improper authorization check in AppBlock.
  • Temporarily disable AppBlock functionality in device settings until the update is installed, to block local exploitation of the flaw.
  • Enable detailed logging of activity launches and review logs regularly to detect suspicious activation attempts.

Generated by OpenCVE AI on June 6, 2026 at 03:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 06 Jun 2026 02:00:00 +0000

Type Values Removed Values Added
First Time appeared Samsung
Samsung android
Weaknesses CWE-863
CPEs cpe:2.3:o:samsung:android:15.0:-:*:*:*:*:*:*
cpe:2.3:o:samsung:android:15.0:smr-apr-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:15.0:smr-apr-2026-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:15.0:smr-aug-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:15.0:smr-dec-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:15.0:smr-feb-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:15.0:smr-feb-2026-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:15.0:smr-jan-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:15.0:smr-jan-2026-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:15.0:smr-jul-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:15.0:smr-jun-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:15.0:smr-mar-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:15.0:smr-mar-2026-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:15.0:smr-may-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:15.0:smr-may-2026-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:15.0:smr-nov-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:15.0:smr-oct-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:15.0:smr-sep-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:16.0:-:*:*:*:*:*:*
cpe:2.3:o:samsung:android:16.0:smr-apr-2026-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:16.0:smr-aug-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:16.0:smr-dec-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:16.0:smr-feb-2026-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:16.0:smr-jan-2026-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:16.0:smr-mar-2026-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:16.0:smr-may-2026-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:16.0:smr-nov-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:16.0:smr-oct-2025-r1:*:*:*:*:*:*
cpe:2.3:o:samsung:android:16.0:smr-sep-2025-r1:*:*:*:*:*:*
Vendors & Products Samsung
Samsung android
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Fri, 05 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 05 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Title Improper Authorization in Samsung AppBlock Allows Local Arbitrary Activity Launch
Weaknesses CWE-284

Fri, 05 Jun 2026 11:45:00 +0000

Type Values Removed Values Added
First Time appeared Samsung Mobile
Samsung Mobile samsung Mobile Devices
Vendors & Products Samsung Mobile
Samsung Mobile samsung Mobile Devices

Fri, 05 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
Description Improper authorization in AppBlock prior to SMR Jun-2026 Release 1 allows local attacker to launch arbitrary activity. User interaction is required for triggering this vulnerability.
References
Metrics cvssV4_0

{'score': 5.2, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N'}

Subscriptions

Samsung Android
Samsung Mobile Samsung Mobile Devices
cve-icon MITRE

Status: PUBLISHED

Assigner: SamsungMobile

Published:

Updated: 2026-06-05T19:13:55.561Z

Reserved: 2025-12-11T01:33:35.805Z

Link: CVE-2026-21031

cve-icon Vulnrichment

Updated: 2026-06-05T19:13:51.225Z

cve-icon NVD

Status : Analyzed

Published: 2026-06-05T11:16:35.673

Modified: 2026-06-06T01:59:53.273

Link: CVE-2026-21031

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-06T04:00:15Z

Weaknesses