CVE-2026-21033

HIGH

Samsung Assistant < 9.3.14 - Arbitrary Script Execution via ExpressHomeWidgetReceiver

Title source: llm
STIX 2.1

Description

Improper export of android application components in ExpressHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script.

Scores

CVSS v3 7.1
EPSS 0.0009
EPSS Percentile 0.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

Status published
Products (2)
samsung/assistant < 9.3.14
Samsung Mobile/Samsung Assistant 9.3.14
Published Jun 05, 2026
Tracked Since Jun 05, 2026