CVE-2026-20982
MEDIUMShortcutService <SMR Feb-2026 Release 1 - Path Traversal
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2026-20982. PoCs published by Vikramaditya015.
AI-analyzed exploit summary This repository contains a functional local privilege escalation (LPE) exploit for CVE-2026-20982 targeting Samsung Android devices. The exploit leverages a vulnerability in the `IShortcutService` Binder interface to achieve arbitrary file write and subsequently escalate privileges by manipulating the `packages.xml` file.
Description
Path traversal in ShortcutService prior to SMR Feb-2026 Release 1 allows privileged local attacker to create file with system privilege.
Exploits (1)
This repository contains a functional local privilege escalation (LPE) exploit for CVE-2026-20982 targeting Samsung Android devices. The exploit leverages a vulnerability in the `IShortcutService` Binder interface to achieve arbitrary file write and subsequently escalate privileges by manipulating the `packages.xml` file.
References (1)
Scores
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L