Cyber Resilience

CVE-2026-20979

High

Published: 04 February 2026

Published
04 February 2026
Modified
05 February 2026
KEV Added
Patch
CVSS Score v4 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0013 2.8th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-20979 is a high-severity an unspecified weakness vulnerability in Samsung Android. Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 2.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2026-20979 is an improper privilege management vulnerability affecting the Settings component in Samsung devices prior to the SMR Feb-2026 Release 1. This flaw enables local attackers to escalate privileges by launching arbitrary activity under the Settings privilege context. The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high impact potential with low attack complexity.

Local attackers with low privileges on the affected device can exploit this vulnerability without user interaction. Successful exploitation allows them to execute arbitrary activities with elevated Settings privileges, potentially leading to high confidentiality, integrity, and availability impacts, such as unauthorized access to sensitive data or system modifications.

Samsung's February 2026 security bulletin, available at https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=02, details the issue and provides mitigation through the SMR Feb-2026 Release 1 update. Security practitioners should ensure devices are updated to this release or later to address the vulnerability.

EU & UK References

Vulnerability details

Improper privilege management in Settings prior to SMR Feb-2026 Release 1 allows local attackers to launch arbitrary activity with Settings privilege.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Direct local privilege escalation via improper privilege management in Settings component, matching Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-20983Same product: Samsung Android
CVE-2025-20890Same product: Samsung Android
CVE-2026-20971Same product: Samsung Android
CVE-2025-20882Same product: Samsung Android
CVE-2025-20903Same product: Samsung Android
CVE-2026-20970Same product: Samsung Android
CVE-2025-20888Same product: Samsung Android
CVE-2026-20990Same product: Samsung Android
CVE-2026-21010Same product: Samsung Android
CVE-2025-20881Same product: Samsung Android

Affected Assets

samsung
android
15.0, 16.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces least privilege to prevent local low-privilege attackers from launching arbitrary activities with elevated Settings privileges due to improper privilege management.

prevent

Mandates enforcement of approved authorizations, directly blocking unauthorized privilege escalation in the Settings component.

prevent

Requires timely flaw remediation through application of the SMR Feb-2026 Release 1 patch that corrects the improper privilege management vulnerability.

References