{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-20987", "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458", "state": "PUBLISHED", "assignerShortName": "SamsungMobile", "dateReserved": "2025-12-11T01:33:35.800Z", "datePublished": "2026-02-04T06:14:50.618Z", "dateUpdated": "2026-02-04T16:58:49.035Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-284: Improper Access Control"}]}], "affected": [{"vendor": "Samsung Mobile", "product": "GalaxyDiagnostics", "versions": [{"status": "unaffected", "version": "3.5.050"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "Improper input validation in GalaxyDiagnostics prior to version 3.5.050 allows local privileged attackers to execute privileged commands."}], "references": [{"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2026&month=02"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"version": "4.0", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "baseSeverity": "HIGH"}}], "providerMetadata": {"orgId": "3af57064-a867-422c-b2ad-40307b65c458", "shortName": "SamsungMobile", "dateUpdated": "2026-02-04T06:14:50.618Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-04T16:58:43.040550Z", "id": "CVE-2026-20987", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-04T16:58:49.035Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-20987", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-04T16:58:43.040550Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-04T16:58:46.311Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV4_0": {"version": "4.0", "baseScore": 8.7, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "HIGH", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Samsung Mobile", "product": "GalaxyDiagnostics", "versions": [{"status": "unaffected", "version": "3.5.050"}], "defaultStatus": "affected"}], "references": [{"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2026&month=02"}], "descriptions": [{"lang": "en", "value": "Improper input validation in GalaxyDiagnostics prior to version 3.5.050 allows local privileged attackers to execute privileged commands."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-284: Improper Access Control"}]}], "providerMetadata": {"orgId": "3af57064-a867-422c-b2ad-40307b65c458", "shortName": "SamsungMobile", "dateUpdated": "2026-02-04T06:14:50.618Z"}}}, "cveMetadata": {"cveId": "CVE-2026-20987", "state": "PUBLISHED", "dateUpdated": "2026-02-04T16:58:49.035Z", "dateReserved": "2025-12-11T01:33:35.800Z", "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458", "datePublished": "2026-02-04T06:14:50.618Z", "assignerShortName": "SamsungMobile"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper input validation in GalaxyDiagnostics prior to version 3.5.050 allows local privileged attackers to execute privileged commands."}, {"lang": "es", "value": "Validaci\u00f3n de entrada inadecuada en GalaxyDiagnostics anterior a la versi\u00f3n 3.5.050 permite a atacantes locales privilegiados ejecutar comandos privilegiados."}], "id": "CVE-2026-20987", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "mobile.security@samsung.com", "type": "Secondary"}]}, "published": "2026-02-04T07:16:00.900", "references": [{"source": "mobile.security@samsung.com", "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2026&month=02"}], "sourceIdentifier": "mobile.security@samsung.com", "vulnStatus": "Deferred"}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T14:04:51.684984+00:00", "value": {"mitigation_remediation": ["Upgrade GalaxyDiagnostics to version 3.5.050 or later.", "If a patch is not immediately available, disable or uninstall the GalaxyDiagnostics app to eliminate the vulnerable functionality.", "Enforce device\u2011level security policies that restrict local privileged access only to trusted applications and users."], "summary": {"action": "Patch", "impact": "Local Privileged Command Execution"}, "threat_synthesis": {"affected_systems": "The affected product is Samsung Mobile\u2019s GalaxyDiagnostics application; all versions released prior to 3.5.050 are vulnerable. Users running those versions on Samsung Galaxy phones remain at risk until the software is updated or removed.", "description_and_impact": "GalaxyDiagnostics for Samsung Mobile devices contains an improper input validation flaw that permits a local attacker with sufficient privileges to provide crafted data and trigger the execution of any privileged command. The flaw is present in all releases before version 3.5.050. This flaw could allow the attacker to take full control of the device or execute commands that affect system integrity.", "risk_and_exploitability": "The CVSS score of 8.7 indicates high severity, while the EPSS score of less than 1\u202f% suggests a very low probability of exploitation in the wild at this time. Because the vulnerability requires local privileged access, the attack surface is limited to devices already in the control of a privileged user or compromised by other means. The flaw is not listed in the CISA KEV catalog, implying no publicly known exploits yet. The likely attack vector is local privileged access."}}}}, "created": "2026-02-04T21:18:15.765278+00:00", "title": "Local Privileged Command Execution via Improper Input Validation in Samsung GalaxyDiagnostics", "updated": "2026-04-18T14:15:04.118553+00:00", "vendors": ["samsung_mobile", "samsung_mobile$PRODUCT$galaxydiagnostics"], "weaknesses": ["CWE-78", "CWE-20"]}