Details of VAR-202601-2351

ID

VAR-202601-2351

CVE

CVE-2026-20976

TITLE

Samsung's Galaxy Store Unspecified vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2026-001398

DESCRIPTION

Improper input validation in Galaxy Store prior to version 4.6.02 allows local attacker to execute arbitrary script. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-20976 // JVNDB: JVNDB-2026-001398

AFFECTED PRODUCTS

vendor:	samsung	model:	galaxy store	scope:	lt	version:	4.6.02.0	Trust: 1.0
vendor:	サムスン	model:	galaxy store	scope:	eq	version:	-	Trust: 0.8
vendor:	サムスン	model:	galaxy store	scope:	-	version:	-	Trust: 0.8
vendor:	サムスン	model:	galaxy store	scope:	eq	version:	4.6.02.0	Trust: 0.8

sources: JVNDB: JVNDB-2026-001398 // NVD: CVE-2026-20976

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2026-20976
value:	HIGH
Trust: 1.0
mobile.security@samsung.com:	CVE-2026-20976
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2026-20976
value:	HIGH
Trust: 0.8

nvd@nist.gov:	CVE-2026-20976
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2026-20976
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-001398 // NVD: CVE-2026-20976 // NVD: CVE-2026-20976

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-001398 // NVD: CVE-2026-20976

PATCH

title:

Security Updates Other Updates | Samsung Mobile Security

url:

https://security.samsungmobile.com/serviceWeb.smsb?year=2026&month=01

Trust: 0.8

sources: JVNDB: JVNDB-2026-001398

EXTERNAL IDS

db:	NVD	id:	CVE-2026-20976	Trust: 2.6
db:	JVNDB	id:	JVNDB-2026-001398	Trust: 0.8

sources: JVNDB: JVNDB-2026-001398 // NVD: CVE-2026-20976

REFERENCES

url:	https://security.samsungmobile.com/serviceweb.smsb?year=2026&month=01	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2026-20976	Trust: 0.8

sources: JVNDB: JVNDB-2026-001398 // NVD: CVE-2026-20976

SOURCES

db:	JVNDB	id:	JVNDB-2026-001398
db:	NVD	id:	CVE-2026-20976

LAST UPDATE DATE

2026-01-23T23:32:28.065000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-001398	date:	2026-01-19T06:05:00
db:	NVD	id:	CVE-2026-20976	date:	2026-01-15T19:43:57.340

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-001398	date:	2026-01-19T00:00:00
db:	NVD	id:	CVE-2026-20976	date:	2026-01-09T07:16:04.263