HIGHCVE-2026-20985Published 2026-02-04Modified 2026-02-04CNA SamsungMobile

CVE-2026-20985: Improper input validation in Samsung Members prior to version 5

Improper input validation in Samsung Members prior to version 5.6.00.11 allows remote attackers to connect arbitrary URL and launch arbitrary activity with Samsung Members privilege. User interaction is required for triggering this vulnerability.

CVSS v4.0: 7.0
Severity: HIGH
Fixed in: 5.6.00.11
Affected Products: 1

Fix available

5.6.00.11

Affected packages

Samsung Mobile / Samsung Members
Fixed in 5.6.00.11

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

References

security.samsungmobile.com

Metrics

Fix available