Cyber Resilience

CVE-2026-20976

Severity: Medium

Published: 09 January 2026
Modified: 15 January 2026
KEV Added: not listed
Patch: Galaxy Store 4.6.02 or later

CVSS Score (v4): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0001 (1.7th percentile)
Risk Priority: 10 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-20976 is a medium-severity vulnerability of unspecified weakness type in Samsung Galaxy Store. Its CVSS base score is 5.1 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Command and Scripting Interpreter (T1059). The vulnerability is ranked at the 1.7th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-20976 is an improper input validation vulnerability affecting the Galaxy Store application prior to version 4.6.02 on Samsung devices. Published on January 9, 2026, it has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is associated with the CWE category NVD-CWE-noinfo. The flaw allows a local attacker to execute arbitrary scripts because inputs processed by the Galaxy Store are not adequately validated.

A local attacker with low privileges on the affected device can exploit this vulnerability with low attack complexity and without requiring user interaction. Successful exploitation allows the attacker to achieve high impacts on confidentiality, integrity, and availability, potentially compromising the device through arbitrary script execution.

Samsung has published a security advisory detailing the issue at https://security.samsungmobile.com/serviceWeb.smsb?year=2026&month=01, with mitigation involving an update to Galaxy Store version 4.6.02 or later.

Vulnerability details

Improper input validation in Galaxy Store prior to version 4.6.02 allows a local attacker to execute arbitrary scripts.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assigned)

T1059 Command and Scripting Interpreter (Execution): Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
T1068 Exploitation for Privilege Escalation (Privilege Escalation): Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

A local input validation flaw directly enables arbitrary script execution (T1059) by low-privileged attackers, and the resulting high-impact compromise is consistent with exploitation for privilege escalation (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-20983 (same vendor: Samsung)
CVE-2025-20903 (same vendor: Samsung)
CVE-2025-20882 (same vendor: Samsung)
CVE-2026-21010 (same vendor: Samsung)
CVE-2026-20979 (same vendor: Samsung)
CVE-2026-20971 (same vendor: Samsung)
CVE-2025-53966 (same vendor: Samsung)
CVE-2026-20990 (same vendor: Samsung)
CVE-2025-20890 (same vendor: Samsung)
CVE-2025-49495 (same vendor: Samsung)

Affected Assets

Vendor: Samsung
Product: Galaxy Store
Affected versions: ≤ 4.6.02.0

Mitigating Controls (NIST 800-53 r5, AI-assigned)

SI-10 Information Input Validation (prevent): Directly mandates validation of information inputs to prevent arbitrary script execution due to improper input validation in Galaxy Store.

SI-2 Flaw Remediation (prevent): Requires identification, reporting, and correction of flaws like the improper input validation vulnerability fixed in Galaxy Store version 4.6.02.

Malicious code protection (prevent): Deploys malicious code protection at entry points and in memory to block execution of arbitrary scripts injected via the input validation flaw.
