Vulnerability Database

320,453

Total vulnerabilities in the database

CVE-2026-20970

Improper access control in SLocation prior to SMR Jan-2026 Release 1 allows local attackers to execute the privileged APIs.

Published: Jan 9, 2026
Updated: Jan 16, 2026
CVE: CVE-2026-20970
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
samsung / android	15.0-smr-apr-2025-r1	15.0-smr-apr-2025-r1.x
samsung / android	15.0-smr-aug-2025-r1	15.0-smr-aug-2025-r1.x
samsung / android	15.0-smr-dec-2025-r1	15.0-smr-dec-2025-r1.x
samsung / android	15.0-smr-feb-2025-r1	15.0-smr-feb-2025-r1.x
samsung / android	15.0-smr-jul-2025-r1	15.0-smr-jul-2025-r1.x
samsung / android	15.0-smr-jun-2025-r1	15.0-smr-jun-2025-r1.x
samsung / android	15.0-smr-mar-2025-r1	15.0-smr-mar-2025-r1.x
samsung / android	15.0-smr-may-2025-r1	15.0-smr-may-2025-r1.x
samsung / android	15.0-smr-nov-2025-r1	15.0-smr-nov-2025-r1.x
samsung / android	15.0-smr-oct-2025-r1	15.0-smr-oct-2025-r1.x
samsung / android	15.0-smr-sep-2025-r1	15.0-smr-sep-2025-r1.x
samsung / android	16.0-smr-aug-2025-r1	16.0-smr-aug-2025-r1.x
samsung / android	16.0-smr-dec-2025-r1	16.0-smr-dec-2025-r1.x
samsung / android	16.0-smr-nov-2025-r1	16.0-smr-nov-2025-r1.x
samsung / android	16.0-smr-oct-2025-r1	16.0-smr-oct-2025-r1.x
samsung / android	16.0-smr-sep-2025-r1	16.0-smr-sep-2025-r1.x

https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=01

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime