Description
Improper authorization in Samsung Internet prior to version 30.0.0.39 allows local attackers to access sensitive information.
Published: 2026-06-05
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Samsung Internet implements an authorization check that incorrectly grants local users access to protected data. The flaw allows a local attacker to read sensitive information that should be restricted, exposing personal or proprietary data and potentially enabling further attacks against the device. This is an example of Improper Access Control (CWE‑284).

Affected Systems

Samsung Internet browser on Samsung Mobile, all versions prior to 30.0.0.39, is affected. Users running any older build are at risk; updating to 30.0.0.39 or later removes the vulnerability.

Risk and Exploitability

The CVSS score of 6.3 indicates moderate severity. The vulnerability is exploitable only by local attackers who can act on the device, so the attack vector is local. The EPSS score is not available, and the flaw is not listed in the CISA KEV catalog. Despite the limited reach, the potential for sensitive data exposure makes the risk noteworthy for environments where local access is not strictly controlled.

Generated by OpenCVE AI on June 5, 2026 at 11:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Samsung Internet to version 30.0.0.39 or later, which releases the fix for the improper authorization flaw.
  • Limit local user privileges by disabling unused accounts or requiring stronger authentication before granting access to the browser.
  • Enable device‑level security controls, such as lock‑screen authentication and app‑specific permissions, to reduce the likelihood that a local attacker can interact with Samsung Internet without detection.

Generated by OpenCVE AI on June 5, 2026 at 11:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 07 Jun 2026 11:30:00 +0000

Type Values Removed Values Added
First Time appeared Samsung Mobile
Samsung Mobile samsung Internet
Vendors & Products Samsung Mobile
Samsung Mobile samsung Internet

Fri, 05 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 05 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Title Local Improper Authorization in Samsung Internet Enabled Sensitive Information Disclosure
Weaknesses CWE-284

Fri, 05 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
Description Improper authorization in Samsung Internet prior to version 30.0.0.39 allows local attackers to access sensitive information.
References
Metrics cvssV4_0

{'score': 6.3, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H'}

Subscriptions

Samsung Mobile Samsung Internet
cve-icon MITRE

Status: PUBLISHED

Assigner: SamsungMobile

Published:

Updated: 2026-06-05T19:09:43.802Z

Reserved: 2025-12-11T01:33:35.806Z

Link: CVE-2026-21036

cve-icon Vulnrichment

Updated: 2026-06-05T19:09:38.823Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-05T11:16:36.310

Modified: 2026-06-05T14:59:51.620

Link: CVE-2026-21036

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-07T11:17:19Z

Weaknesses