Description
Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability


This issue affects MagicINFO 9 Server: less than 21.1091.1.
Published: 2026-04-10
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

The flaw in Samsung MagicINFO 9 Server stems from incorrect default permissions on critical files and directories, which allow a local attacker to elevate privileges beyond what the service configuration intended. This privilege escalation weakness, identified as CWE-276, could let an attacker with a compromised user account gain root or administrator rights, threatening the confidentiality, integrity, and availability of the entire system.

Affected Systems

Samsung Electronics MagicINFO 9 Server deployments running any version earlier than 21.1091.1 are affected. Versions 21.1091.1 and newer resolve the issue.

Risk and Exploitability

With a CVSS score of 7.8, the vulnerability is classified as high severity; EPSS data is unavailable and it does not appear in the CISA KEV catalog. The flaw requires local access or a compromised user account, so the attack vector is local. While no public exploit is known, the potential impact warrants prompt remediation.

Generated by OpenCVE AI on April 10, 2026 at 02:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Samsung MagicINFO 9 Server to version 21.1091.1 or later.



Advisories

No advisories yet.

History

Fri, 10 Apr 2026 14:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}` |


Fri, 10 Apr 2026 10:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | MagicINFO 9 Server Incorrect Default Permissions Vulnerability |

Fri, 10 Apr 2026 09:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Samsung Electronics; Samsung Electronics magicinfo 9 Server |
| Vendors & Products | | Samsung Electronics; Samsung Electronics magicinfo 9 Server |

Fri, 10 Apr 2026 01:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability This issue affects MagicINFO 9 Server: less than 21.1091.1. |
| Weaknesses | | CWE-276 |
| References | | |
| Metrics | | cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}` |


MITRE

Status: PUBLISHED

Assigner: samsung.tv_appliance

Published:

Updated: 2026-04-10T13:46:57.365Z

Reserved: 2026-01-30T06:07:11.090Z

Link: CVE-2026-25203

Vulnrichment

Updated: 2026-04-10T13:46:53.139Z

NVD

Status: Received

Published: 2026-04-10T02:16:02.767

Modified: 2026-04-10T02:16:02.767

Link: CVE-2026-25203

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-10T09:27:15Z

Weaknesses