CVE-2026-21023

Insufficient verification of data authenticity in PackageManagerService prior to SMR Mar-2026 Release 1 allows local attackers to modify the installation restriction of specific application.

medium 5.5 CVSS 3.1

Published: Apr 29, 2026

Modified: May 1, 2026

Vendor: Samsung

Product: Android

Versions: 14.0,15.0,16.0

Description

Insufficient verification of data authenticity in PackageManagerService prior to SMR Mar-2026 Release 1 allows local attackers to modify the installation restriction of specific application.

References

https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=03

Related CVEs

CVSS Breakdown

Version	3.1
Score	5.5 / 10
Severity	medium

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Affected Product

Vendor	Samsung
Product	Android
Versions	14.0,15.0,16.0