CVE-2020-26604
Description
An issue was discovered in SystemUI on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. PendingIntent allows an unprivileged process to access contact numbers. The Samsung ID is SVE-2020-18467 (October 2020).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A PendingIntent in Samsung SystemUI leaks contact numbers to unprivileged processes on devices running Android O through R.
Vulnerability
A PendingIntent in the SystemUI component on Samsung mobile devices running Android O (8.x), P (9.0), Q (10.0), and R (11.0) software allows an unprivileged process to access contact numbers. The vulnerability is identified by Samsung ID SVE-2020-18467 [1].
Exploitation
An attacker with no special privileges beyond the ability to execute an unprivileged process on the device can exploit this flaw by triggering the vulnerable PendingIntent. No user interaction or authentication is required beyond the normal operation of the device [1].
Impact
Successful exploitation results in the unauthorized disclosure of contact numbers stored on the device. This is an information disclosure vulnerability that compromises the confidentiality of user contacts [1].
Mitigation
Samsung has addressed this vulnerability in a security update released by October 2020 [1]. Users should apply the latest firmware update from Samsung to remediate the issue.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Samsung/mobile devicesdescription
- Range: Android O(8.x), P(9.0), Q(10.0), R(11.0)
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- security.samsungmobile.com/securityUpdate.smsbmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.