CVE-2026-20992

LOW

3.3

Description

Improper authorization in Settings prior to SMR Mar-2026 Release 1 allows local attacker to disable configuring the background data usage of application.

CVE Details

CVSS v3.1 Score3.3

SeverityLOW

CVSS VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Attack VectorLOCAL

ComplexityLOW

Privileges RequiredLOW

User InteractionNONE

Published3/16/2026

Last Modified3/20/2026

Sourcenvd

Honeypot Sightings0

Affected Products

samsung:android

Weaknesses (CWE)

CWE-863

References

https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=03(mobile.security@samsung.com)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.