CVE-2026-20970

Published: Jan 9, 2026Modified: Jan 15, 2026

6.8

Vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: mobile.security@samsung.com (Secondary)

Description

Improper access control in SLocation prior to SMR Jan-2026 Release 1 allows local attackers to execute the privileged APIs.

Affected (16)

Products: Samsung: Android

Samsung

1 product

Android

Configuration A

16 vulnerable

Vulnerable Software	Affected Versions
Samsung Android	Version 15.0 smr-apr-2025-r1
Samsung Android	Version 15.0 smr-aug-2025-r1
Samsung Android	Version 15.0 smr-dec-2025-r1
Samsung Android	Version 15.0 smr-feb-2025-r1
Samsung Android	Version 15.0 smr-jul-2025-r1
Samsung Android	Version 15.0 smr-jun-2025-r1
Samsung Android	Version 15.0 smr-mar-2025-r1
Samsung Android	Version 15.0 smr-may-2025-r1
Samsung Android	Version 15.0 smr-nov-2025-r1
Samsung Android	Version 15.0 smr-oct-2025-r1
Samsung Android	Version 15.0 smr-sep-2025-r1
Samsung Android	Version 16.0 smr-aug-2025-r1
Samsung Android	Version 16.0 smr-dec-2025-r1
Samsung Android	Version 16.0 smr-nov-2025-r1
Samsung Android	Version 16.0 smr-oct-2025-r1
Samsung Android	Version 16.0 smr-sep-2025-r1

References (1)

https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=01

Source: mobile.security@samsung.com

Vendor Advisory

Timeline

No history available yet.