{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-20993", "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458", "state": "PUBLISHED", "assignerShortName": "SamsungMobile", "dateReserved": "2025-12-11T01:33:35.801Z", "datePublished": "2026-03-16T04:32:00.299Z", "dateUpdated": "2026-03-16T13:19:36.779Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-926 : Improper Export of Android Application Components"}]}], "affected": [{"vendor": "Samsung Mobile", "product": "Samsung Assistant", "versions": [{"status": "unaffected", "version": "9.3.10.7"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "Improper export of android application components in Samsung Assistant prior to version 9.3.10.7 allows local attacker to access saved information."}], "references": [{"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2026&month=03"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"version": "4.0", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}], "providerMetadata": {"orgId": "3af57064-a867-422c-b2ad-40307b65c458", "shortName": "SamsungMobile", "dateUpdated": "2026-03-16T04:32:00.299Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-20993", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-16T13:10:39.782349Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T13:19:36.779Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-20993", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-16T13:10:39.782349Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T13:16:05.930Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV4_0": {"version": "4.0", "baseScore": 4.8, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE"}}], "affected": [{"vendor": "Samsung Mobile", "product": "Samsung Assistant", "versions": [{"status": "unaffected", "version": "9.3.10.7"}], "defaultStatus": "affected"}], "references": [{"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2026&month=03"}], "descriptions": [{"lang": "en", "value": "Improper export of android application components in Samsung Assistant prior to version 9.3.10.7 allows local attacker to access saved information."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-926 : Improper Export of Android Application Components"}]}], "providerMetadata": {"orgId": "3af57064-a867-422c-b2ad-40307b65c458", "shortName": "SamsungMobile", "dateUpdated": "2026-03-16T04:32:00.299Z"}}}, "cveMetadata": {"cveId": "CVE-2026-20993", "state": "PUBLISHED", "dateUpdated": "2026-03-16T13:19:36.779Z", "dateReserved": "2025-12-11T01:33:35.801Z", "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458", "datePublished": "2026-03-16T04:32:00.299Z", "assignerShortName": "SamsungMobile"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper export of android application components in Samsung Assistant prior to version 9.3.10.7 allows local attacker to access saved information."}], "id": "CVE-2026-20993", "lastModified": "2026-03-16T14:53:07.390", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "mobile.security@samsung.com", "type": "Secondary"}]}, "published": "2026-03-16T14:18:10.147", "references": [{"source": "mobile.security@samsung.com", "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2026&month=03"}], "sourceIdentifier": "mobile.security@samsung.com", "vulnStatus": "Awaiting Analysis"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "9.3.10.7"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,9.3.10.7)"}}], "enrichment": {"confidence": 88.0, "confidence_source": "matching", "scores": [{"score": 88.0, "source": "matching"}]}, "original": {"product": "Samsung Assistant", "source": "cna", "vendor": "Samsung Mobile"}, "product": "samsung_assistant", "vendor": "samsung"}], "analysis": {"en": {"generated_at": "2026-03-25T16:48:19.003241+00:00", "value": {"mitigation_remediation": ["Update Samsung Assistant to version 9.3.10.7 or later if available", "If an update is not possible, restrict or disable the exported assistant components via device policy or permissions", "Monitor device logs for unauthorized data access attempts", "Consult the Samsung advisory for additional guidance"], "summary": {"action": "Apply Patch", "impact": "Local Data Exposure"}, "threat_synthesis": {"affected_systems": "Devices running Samsung Mobile\u2019s Samsung Assistant app with versions earlier than 9.3.10.7 on Android are vulnerable; any device that contains the affected build of the assistant software is impacted.", "description_and_impact": "The vulnerability arises from improper export of Android application components in Samsung Assistant before version 9.3.10.7. This misconfiguration allows a local attacker to read data that the application stores, potentially exposing personal or usage information. The confidentiality of stored data is therefore at risk.", "risk_and_exploitability": "The CVSS score of 4.8 denotes moderate severity, while the EPSS score of less than 1% indicates a low likelihood of exploitation. The vulnerability is not currently listed in the CISA Known Exploited Vulnerabilities catalog. Attackers would require local access to the device, and no public exploit has been documented, but the potential to read sensitive data justifies immediate remediation."}}}}, "created": "2026-03-17T09:55:14.965860+00:00", "updated": "2026-03-25T21:28:55.054150+00:00", "vendors": ["samsung", "samsung$PRODUCT$samsung_assistant"]}