CVE-2026-20982

MEDIUM

ShortcutService <SMR Feb-2026 Release 1 - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-20982. PoCs published by Vikramaditya015.

AI-analyzed exploit summary This repository contains a functional local privilege escalation (LPE) exploit for CVE-2026-20982 targeting Samsung Android devices. The exploit leverages a vulnerability in the `IShortcutService` Binder interface to achieve arbitrary file write and subsequently escalate privileges by manipulating the `packages.xml` file.

Description

Path traversal in ShortcutService prior to SMR Feb-2026 Release 1 allows privileged local attacker to create file with system privilege.

Exploits (1)

github WORKING POC
by Vikramaditya015 · pythonpoc
https://github.com/Vikramaditya015/samsung-android-lpe

This repository contains a functional local privilege escalation (LPE) exploit for CVE-2026-20982 targeting Samsung Android devices. The exploit leverages a vulnerability in the `IShortcutService` Binder interface to achieve arbitrary file write and subsequently escalate privileges by manipulating the `packages.xml` file.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Complex
Reliability
Reliable
Target: Samsung Android (specific version not specified)
No auth needed
Prerequisites: Physical access or ADB access to the target device · Rooted or compromised context to execute the exploit
mistral-large-3 · analyzed Jun 01, 2026 Full analysis →

References (1)

Core 1

Scores

CVSS v3 6.0
EPSS 0.0029
EPSS Percentile 21.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-22
Status published
Products (1)
samsung/android 14.0 (50 CPE variants)
Published Feb 04, 2026
Tracked Since Feb 18, 2026