CVE-2026-21037

HIGH

Samsung Members < 5.8.01.5 - Arbitrary URL Access and Activity Launch

Title source: llm
STIX 2.1

Description

Improper input validation in Samsung Members prior to version 5.8.01.5 allows local attackers to access arbitrary URL and launch arbitrary activity with Samsung Members privilege.

Scores

CVSS v3 7.1
EPSS 0.0010
EPSS Percentile 1.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

Status published
Products (2)
samsung/members < 5.8.01.5
Samsung Mobile/Samsung Members 5.8.01.5
Published Jun 05, 2026
Tracked Since Jun 05, 2026