
CVE-2026-20994: Samsung Account URL Redirection Allows Local Attack

CVE-2026-20994
Summary

A URL redirection flaw in Samsung Account prior to version 15.5.01.1 allows a local attacker to potentially obtain an access token. The token could be used to access sensitive information or take control of the account. To fix this issue, update Samsung Account to version 15.5.01.1 or later.

What to do

Update Samsung Account to version 15.5.01.1 or later; versions prior to 15.5.01.1 are affected. Check with your software vendor for updates.

Affected software
Vendor | Product | Affected versions
samsung | account | < 15.5.01.1
CPE: cpe:2.3:a:samsung:account:*:*:*:*:*:*:*:*
Original title
URL redirection in Samsung Account prior to version 15.5.01.1 allows local attackers to potentially get access token.
Original description
URL redirection in Samsung Account prior to version 15.5.01.1 allows local attackers to potentially get access token.
NVD CVSS 4.0 score: 6.9
Vulnerability type
CWE-601 Open Redirect
Published: 16 Mar 2026 · Updated: 15 Jun 2026 · First seen: 20 May 2026