Cyber Resilience

CVE-2026-20999

High

Published: 16 March 2026

Published
16 March 2026
Modified
31 March 2026
KEV Added
Patch
CVSS Score v4 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0016 36.2th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-20999 is a high-severity Authentication Bypass by Capture-replay (CWE-294) vulnerability in Samsung Smart Switch. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 36.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SC-23 (Session Authenticity).

Deeper analysis

CVE-2026-20999 is an authentication bypass vulnerability caused by a replay attack in Samsung Smart Switch versions prior to 3.7.69.15. This flaw, associated with CWE-294, enables remote attackers to circumvent authentication mechanisms and execute privileged functions without valid credentials. The vulnerability received a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N), highlighting its high severity due to network accessibility, low attack complexity, and significant integrity impact.

Remote attackers can exploit this vulnerability over the network without requiring user interaction or prior privileges. By capturing and replaying authentication-related data, they can trigger privileged operations within Smart Switch, potentially leading to unauthorized control over device management functions, data transfers, or other high-privilege actions supported by the software.

The Samsung security advisory at https://security.samsungmobile.com/serviceWeb.smsb?year=2026&month=03 provides details on the issue, including recommendations to update to Smart Switch version 3.7.69.15 or later to mitigate the replay-based authentication bypass.

EU & UK References

Vulnerability details

Authentication bypass by replay in Smart Switch prior to version 3.7.69.15 allows remote attackers to trigger privileged functions.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Authentication bypass via replay directly enables remote exploitation of the application for unauthorized privileged execution (T1190) and privilege escalation without credentials (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-20998Same product: Samsung Smart Switch
CVE-2026-20997Same product: Samsung Smart Switch
CVE-2026-25201Same vendor: Samsung
CVE-2026-20983Same vendor: Samsung
CVE-2026-32987Shared CWE-294
CVE-2025-26201Shared CWE-294
CVE-2025-20903Same vendor: Samsung
CVE-2025-54440Same vendor: Samsung
CVE-2025-20882Same vendor: Samsung
CVE-2025-54451Same vendor: Samsung

Affected Assets

samsung
smart switch
≤ 3.7.69.15

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SC-23 requires mechanisms to protect communication session authenticity, directly mitigating replay attacks that bypass authentication in Smart Switch.

prevent

IA-5 mandates management of authenticators to prohibit those susceptible to replay, addressing the capture and reuse of authentication data in this CVE.

prevent

SI-2 ensures timely flaw remediation through patching, such as updating Smart Switch to version 3.7.69.15 to eliminate the replay vulnerability.

References