CVE-2026-20999
Published: 16 March 2026
Summary
CVE-2026-20999 is a high-severity Authentication Bypass by Capture-replay (CWE-294) vulnerability in Samsung Smart Switch. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 36.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SC-23 (Session Authenticity).
Deeper analysis
CVE-2026-20999 is an authentication bypass vulnerability caused by a replay attack in Samsung Smart Switch versions prior to 3.7.69.15. This flaw, associated with CWE-294, enables remote attackers to circumvent authentication mechanisms and execute privileged functions without valid credentials. The vulnerability received a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N), highlighting its high severity due to network accessibility, low attack complexity, and significant integrity impact.
Remote attackers can exploit this vulnerability over the network without requiring user interaction or prior privileges. By capturing and replaying authentication-related data, they can trigger privileged operations within Smart Switch, potentially leading to unauthorized control over device management functions, data transfers, or other high-privilege actions supported by the software.
The Samsung security advisory at https://security.samsungmobile.com/serviceWeb.smsb?year=2026&month=03 provides details on the issue, including recommendations to update to Smart Switch version 3.7.69.15 or later to mitigate the replay-based authentication bypass.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-12315
Vulnerability details
Authentication bypass by replay in Smart Switch prior to version 3.7.69.15 allows remote attackers to trigger privileged functions.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Authentication bypass via replay directly enables remote exploitation of the application for unauthorized privileged execution (T1190) and privilege escalation without credentials (T1068).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
SC-23 requires mechanisms to protect communication session authenticity, directly mitigating replay attacks that bypass authentication in Smart Switch.
IA-5 mandates management of authenticators to prohibit those susceptible to replay, addressing the capture and reuse of authentication data in this CVE.
SI-2 ensures timely flaw remediation through patching, such as updating Smart Switch to version 3.7.69.15 to eliminate the replay vulnerability.