CVE-2026-20979

High

Published: 04 February 2026

Published

04 February 2026

Modified

05 February 2026

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0001 0.5th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-20979 is a high-severity an unspecified weakness vulnerability in Samsung Android. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 0.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-6 Least Privilege good match

prevent

Enforces least privilege to prevent local low-privilege attackers from launching arbitrary activities with elevated Settings privileges due to improper privilege management.

AC-3 Access Enforcement good match

prevent

Mandates enforcement of approved authorizations, directly blocking unauthorized privilege escalation in the Settings component.

SI-2 Flaw Remediation good match

prevent

Requires timely flaw remediation through application of the SMR Feb-2026 Release 1 patch that corrects the improper privilege management vulnerability.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

Direct local privilege escalation via improper privilege management in Settings component, matching Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Improper privilege management in Settings prior to SMR Feb-2026 Release 1 allows local attackers to launch arbitrary activity with Settings privilege.

Deeper analysisAI

CVE-2026-20979 is an improper privilege management vulnerability affecting the Settings component in Samsung devices prior to the SMR Feb-2026 Release 1. This flaw enables local attackers to escalate privileges by launching arbitrary activity under the Settings privilege context. The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high impact potential with low attack complexity.

Local attackers with low privileges on the affected device can exploit this vulnerability without user interaction. Successful exploitation allows them to execute arbitrary activities with elevated Settings privileges, potentially leading to high confidentiality, integrity, and availability impacts, such as unauthorized access to sensitive data or system modifications.

Samsung's February 2026 security bulletin, available at https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=02, details the issue and provides mitigation through the SMR Feb-2026 Release 1 update. Security practitioners should ensure devices are updated to this release or later to address the vulnerability.

Details

CWE(s): NVD-CWE-noinfo

Affected Products

samsung

android

15.0, 16.0

CVEs Like This One

CVE-2025-20890Same product: Samsung Android

CVE-2025-20888Same product: Samsung Android

CVE-2026-20971Same product: Samsung Android

CVE-2026-20970Same product: Samsung Android

CVE-2025-20903Same product: Samsung Android

CVE-2026-20983Same product: Samsung Android

CVE-2026-21010Same product: Samsung Android

CVE-2025-20882Same product: Samsung Android

CVE-2026-20990Same product: Samsung Android

CVE-2025-20881Same product: Samsung Android

References

https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=02
Vendor Advisory · mobile.security@samsung.com