{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-21002", "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458", "state": "PUBLISHED", "assignerShortName": "SamsungMobile", "dateReserved": "2025-12-11T01:33:35.802Z", "datePublished": "2026-03-16T04:32:11.128Z", "dateUpdated": "2026-03-16T13:59:29.066Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-347: Improper Verification of Cryptographic Signature"}]}], "affected": [{"vendor": "Samsung Mobile", "product": "Galaxy Store", "versions": [{"status": "unaffected", "version": "4.6.03.8"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "Improper verification of cryptographic signature in Galaxy Store prior to version 4.6.03.8 allows local attacker to install arbitrary application."}], "references": [{"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2026&month=03"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"version": "4.0", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 5.9, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}], "providerMetadata": {"orgId": "3af57064-a867-422c-b2ad-40307b65c458", "shortName": "SamsungMobile", "dateUpdated": "2026-03-16T04:32:11.128Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-16T13:59:23.936846Z", "id": "CVE-2026-21002", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T13:59:29.066Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-21002", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-16T13:59:23.936846Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T13:59:26.437Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV4_0": {"version": "4.0", "baseScore": 5.9, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE"}}], "affected": [{"vendor": "Samsung Mobile", "product": "Galaxy Store", "versions": [{"status": "unaffected", "version": "4.6.03.8"}], "defaultStatus": "affected"}], "references": [{"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2026&month=03"}], "descriptions": [{"lang": "en", "value": "Improper verification of cryptographic signature in Galaxy Store prior to version 4.6.03.8 allows local attacker to install arbitrary application."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-347: Improper Verification of Cryptographic Signature"}]}], "providerMetadata": {"orgId": "3af57064-a867-422c-b2ad-40307b65c458", "shortName": "SamsungMobile", "dateUpdated": "2026-03-16T04:32:11.128Z"}}}, "cveMetadata": {"cveId": "CVE-2026-21002", "state": "PUBLISHED", "dateUpdated": "2026-03-16T13:59:29.066Z", "dateReserved": "2025-12-11T01:33:35.802Z", "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458", "datePublished": "2026-03-16T04:32:11.128Z", "assignerShortName": "SamsungMobile"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper verification of cryptographic signature in Galaxy Store prior to version 4.6.03.8 allows local attacker to install arbitrary application."}], "id": "CVE-2026-21002", "lastModified": "2026-03-16T14:53:07.390", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "mobile.security@samsung.com", "type": "Secondary"}]}, "published": "2026-03-16T14:18:11.367", "references": [{"source": "mobile.security@samsung.com", "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2026&month=03"}], "sourceIdentifier": "mobile.security@samsung.com", "vulnStatus": "Awaiting Analysis"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "4.6.03.8"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,4.6.03.8)"}}], "enrichment": {"confidence": 85.0, "confidence_source": "matching", "scores": [{"score": 85.0, "source": "matching"}]}, "original": {"product": "Galaxy Store", "source": "cna", "vendor": "Samsung Mobile"}, "product": "galaxy_store", "vendor": "samsung"}], "analysis": {"en": {"generated_at": "2026-03-27T11:26:28.579375+00:00", "value": {"mitigation_remediation": ["Upgrade Galaxy Store to version 4.6.03.8 or later, which includes proper signature verification.", "For devices that cannot be upgraded immediately, disable installation of applications from the Galaxy Store until a patch is available.", "Verify that the device\u2019s firmware and other security components are current to reduce the attack surface."], "summary": {"action": "Apply patch", "impact": "Signature verification flaw allows local attacker to install arbitrary application"}, "threat_synthesis": {"affected_systems": "Samsung Mobile Galaxy Store is the affected product. Devices running the Galaxy Store application prior to version 4.6.03.8 are at risk. No additional vendor or version information is provided beyond the indicated store component.", "description_and_impact": "Improper verification of the cryptographic signature used by Samsung\u2019s Galaxy Store before version 4.6.03.8 permits a local attacker to bypass security checks and install any application of their choosing. The flaw effectively removes the integrity guarantee of the application installation process, allowing malicious code to be trusted by the device. The vulnerability is a classic example of insufficient signature validation, enabling unauthorized code execution.", "risk_and_exploitability": "The CVSS score of 5.9 indicates a moderate overall risk, while the EPSS score of less than 1 percent suggests a low probability of exploitation in the current threat landscape. The vulnerability is not listed in CISA\u2019s KEV catalog. Because the flaw requires local access to the device, the attack vector is likely local, meaning an attacker must be physically present or already have privileged access. The lack of an exploit probability combined with the moderate severity suggests that while the vulnerability is non\u2011critical, it can be dangerous if an attacker gains local device access."}}}}, "created": "2026-03-17T09:55:06.115333+00:00", "title": "Improper Cryptographic Signature Verification in Galaxy Store Enables Local App Installation", "updated": "2026-03-27T20:26:59.923725+00:00", "vendors": ["samsung", "samsung$PRODUCT$galaxy_store"], "weaknesses": ["CWE-330"]}