CVE-2026-20994

Summary

URL redirection in Samsung Account prior to version 15.5.01.1 allows local attackers to potentially get access token.

Affected Software

VendorProductVersion RangeStatus
Samsung MobileSamsung Account15.5.01.1unaffected

Weaknesses

  • CWE-601: CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References