Vulnerabilities ›

CVE-2026-21009

Medium

CWE-754 — Weakness Type

                    Published: Apr 13, 2026                      ·  Modified: Apr 16, 2026                      ·  Source: NVD                

CVSS v3

6.8

🔗 NVD Official

📄 Description (English)

Improper check for exceptional conditions in Recents prior to SMR Apr-2026 Release 1 allows physical attacker to bypass App Pinning.

🤖 AI Executive Summary

CVE-2026-21009 is a medium-severity vulnerability in Samsung Recents that allows physical attackers to bypass App Pinning through improper exception handling. The flaw exists in versions prior to the April 2026 Release 1 update.

📄 Description (Arabic)

يسمح هذا الضعف للمهاجمين الفيزيائيين بتجاوز ميزة تثبيت التطبيقات في تطبيق Samsung Recents من خلال استغلال معالجة الاستثناءات غير الكافية. يؤثر الثغرة على الإصدارات السابقة لإصدار أبريل 2026 الأول.

🤖 ملخص تنفيذي (AI)

This vulnerability affects Samsung Recents application and allows physical attackers to circumvent App Pinning security features due to inadequate exception condition validation. The issue is resolved in Samsung's April 2026 Release 1 update.

🤖 AI Intelligence Analysis Analyzed: May 10, 2026 13:55

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: medium

🏢 Affected Saudi Sectors

government telecom banking

🎯 MITRE ATT&CK Techniques

T1056.004 T1531

⚖️ Saudi Risk Score (AI)

6.0

/ 10.0

🔧 Remediation Steps (English)

Update Samsung Recents to April 2026 Release 1 or later. Organizations should enforce device management policies requiring physical security controls and restrict unauthorized device access to mitigate exploitation risk.

🔧 خطوات المعالجة (العربية)

قم بتحديث Samsung Recents إلى إصدار أبريل 2026 الإصدار 1 أو أحدث. يجب على المؤسسات فرض سياسات إدارة الأجهزة التي تتطلب ضوابط الأمان المادي وتقييد الوصول غير المصرح به للأجهزة.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

5.1 5.2

🔵 SAMA CSF

ID.AM-2 PR.AC-1

🟡 ISO 27001:2022

A.6.1.2 A.9.2.1

🔗 References & Sources 1

🔗

https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=04

mobile.security@samsung.com

Vendor Advisory

📦 Affected Products / CPE 50 entries

samsung:android:14.0

📊 CVSS Score

6.8

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack VectorP — Physical

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity Medium

CVSS Score6.8

CWECWE-754

EPSS0.02%

Exploit No

Patch ✗ No

Published 2026-04-13

Source Feed nvd

🇸🇦 Saudi Risk Score

6.0

/ 10.0 — Saudi Risk

Priority: MEDIUM

🏷️ Tags

CWE-754

🏢 Vendor Advisories

🔗 https://security.samsungmobile.com/securityUpdate.sm...

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-21009

💬 Comments

Introduce Yourself

Sign In Required