VYPR
Published Jun 5, 2026 · 1 source

Samsung Mobile: 21 Medium-Severity Vulnerabilities Disclosed in June 2026


Key findings

  • 21 medium-severity vulnerabilities disclosed by Samsung on June 4-5, 2026.
  • Seven vulnerabilities affect Samsung's open-source rlottie library, focusing on memory corruption.
  • Other affected components include Samsung Members, Internet, USB Driver, and various system services.
  • Flaws include improper input validation, authorization, and component export issues.
  • Patches are available via June 2026 SMR and specific application version updates.

Samsung has addressed a significant batch of 21 medium-severity vulnerabilities that were disclosed on June 4th and 5th, 2026. These vulnerabilities affect a range of Samsung products and open-source components, with a particular focus on memory corruption issues within the rlottie animation library.

The disclosure event, spanning just over 24 hours, highlights ongoing security efforts for Samsung's diverse software ecosystem. While all vulnerabilities are rated as medium severity, their widespread nature across different applications and libraries warrants attention from users and administrators.

A notable cluster of seven vulnerabilities (CVE-2026-8916, CVE-2026-49510, CVE-2026-47320, CVE-2026-47319, CVE-2026-47318, CVE-2026-47306, CVE-2026-10305) was identified in Samsung's open-source rlottie library. These flaws, each with a CVSSv3 score of 6.1, include out-of-bounds writes, integer overflows, uncontrolled recursion, and memory allocation issues. Vulnerabilities of these types can lead to memory corruption, denial-of-service conditions, and potentially other security risks if exploited. The affected rlottie versions are all prior to specific commit hashes, indicating that updates to the library are the primary mitigation.

Beyond the rlottie library, several other Samsung applications and components were found to have vulnerabilities. These include issues in the Samsung Android USB Driver (CVE-2026-21038), Samsung Members (CVE-2026-21037), Samsung Internet (CVE-2026-21036), Samsung Plus TV (CVE-2026-21035), Samsung Auto (CVE-2026-21034), and various components within Samsung Assistant (CVE-2026-21033, CVE-2026-21032). Other affected areas include AppBlock (CVE-2026-21031), Galaxy Editing Service (CVE-2026-21029), AuditLogService (CVE-2026-21028), ImsSettings (CVE-2026-21027), SpriteWallpaper (CVE-2026-21026), Telephony (CVE-2026-21025), and SecTelephonyProvider (CVE-2026-21017).

The common themes across these vulnerabilities include improper input validation, improper authorization, and the improper export of Android application components. These flaws generally allow local attackers to access sensitive information, modify configurations, launch arbitrary activities, or execute arbitrary scripts, depending on the specific component and its privileges. The descriptions indicate that many of these vulnerabilities require local access to the device to be exploited.

Samsung has addressed these vulnerabilities through its Security Maintenance Release (SMR) for June 2026 and through version updates for individual applications. For the rlottie library, fixes are tied to specific commit hashes, so developers integrating the library should ensure they are building from an updated revision. For other applications, users are advised to update to the patched versions indicated by the CVE descriptions, which list the affected builds as, for example, Samsung Members prior to version 5.8.01.5 or Samsung Internet prior to version 30.0.0.39.
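A patch-status check for the two application versions named above, as an added example that is not code from Samsung or from the source advisories. It parses text shaped like Android's `dumpsys package` output; the package names for Samsung Members and Samsung Internet and the `2026-06-01` patch-level string for the June 2026 SMR are assumptions not stated on this page.

```python
import re

# Fixed versions named on this page; package names are assumptions.
FIXED = {
    "com.samsung.android.voc": ("Samsung Members", "5.8.01.5"),
    "com.sec.android.app.sbrowser": ("Samsung Internet", "30.0.0.39"),
}
SMR_PATCH_LEVEL = "2026-06-01"  # assumed patch-level string for the June 2026 SMR
LINE_RE = re.compile(r"^\s*(?:Package \[([\w.]+)\]|versionName=(\S+))")

def version_key(version):
    """Compare dotted versions numerically: '01' == '1', trailing zeros ignored."""
    parts = [int(m.group()) if (m := re.match(r"\d+", s)) else 0
             for s in version.split(".")]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def parse_dumpsys(text):
    """Map each 'Package [name]' header to the first versionName that follows it."""
    versions, current = {}, None
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(1):
            current = m.group(1)
        elif m and current:
            versions.setdefault(current, m.group(2))
    return versions

def audit(dumpsys_text, patch_level):
    findings = []
    if patch_level < SMR_PATCH_LEVEL:  # ISO dates sort correctly as strings
        findings.append(f"patch level {patch_level} predates {SMR_PATCH_LEVEL}")
    installed = parse_dumpsys(dumpsys_text)
    for pkg, (name, fixed) in FIXED.items():
        have = installed.get(pkg)
        if have and version_key(have) < version_key(fixed):
            findings.append(f"{name} {have} is older than {fixed}")
    return findings

# Constructed sample shaped like `dumpsys package` output (not real device data).
SAMPLE = """\
  Package [com.samsung.android.voc] (a1b2c3):
    versionName=5.8.1.4
  Package [com.sec.android.app.sbrowser] (d4e5f6):
    versionName=30.0.0.39
"""
```

Segments are compared as integers, so a build reported as `5.8.1.4` is correctly ordered below `5.8.01.5` even though a plain string comparison would not be reliable.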

This coordinated disclosure of 21 vulnerabilities underscores the importance of timely patching and updates for Samsung devices and software. While no active exploitation was mentioned in the source disclosures, the nature of these flaws, particularly those allowing local privilege escalation or information access, makes them attractive targets for attackers seeking to compromise user data or device functionality. Users should ensure their Samsung devices and applications are kept up to date to benefit from these security patches.

Synthesized by Vypr AI