CVE-2026-20983 - Vulnerability Details

Improper export of android application components in Samsung Dialer prior to SMR Feb-2026 Release 1 allows local attackers to launch arbitrary activity with Samsung Dialer privilege.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Samsung	Mobile Devices

No data.

References

Link	Providers
https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=02

History

Wed, 04 Feb 2026 21:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Samsung Samsung mobile Devices
Vendors & Products		Samsung Samsung mobile Devices

Wed, 04 Feb 2026 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 04 Feb 2026 06:45:00 +0000

Type	Values Removed	Values Added
Description		Improper export of android application components in Samsung Dialer prior to SMR Feb-2026 Release 1 allows local attackers to launch arbitrary activity with Samsung Dialer privilege.
References		https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=02
Metrics		cvssV4_0 `{'score': 8.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: SamsungMobile

Published: 2026-02-04T06:14:45.725Z

Updated: 2026-02-04T16:57:16.279Z

Reserved: 2025-12-11T01:33:35.799Z

Link: CVE-2026-20983

Vulnrichment

Updated: 2026-02-04T16:57:13.803Z

NVD

Status : Awaiting Analysis

Published: 2026-02-04T07:16:00.387

Modified: 2026-02-04T16:33:44.537

Link: CVE-2026-20983

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object