HIGH🇵🇱 Wersja polska

CVE-2026-20985

CVSS 7.0v4.0pub. 2026-02-04upd. 2026-02-25

Improper input validation in Samsung Members prior to version 5.6.00.11 allows remote attackers to connect arbitrary URL and launch arbitrary activity with Samsung Members privilege. User interaction is required for triggering this vulnerability.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Samsung Members

    APP
    Samsung
    < 5.6.00.11
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-21079HIGH7.1ten sam produkt

Improper input validation in Samsung Members prior to version 5.5.01.3 allows remote attackers to connect arbi...

CVE-2021-25438HIGH7.8ten sam produkt

Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and bel...

CVE-2021-25374HIGH8.6ten sam produkt

An improper authorization vulnerability in Samsung Members "samsungrewards" scheme for deeplink in versions 2....

CVE-2026-21037MEDIUM6.9ten sam produkt

Improper input validation in Samsung Members prior to version 5.8.01.5 allows local attackers to access arbitr...

CVE-2026-20986MEDIUM5.1ten sam produkt

Path traversal in Samsung Members prior to Chinese version 15.5.05.4 allows local attackers to overwrite data ...