CVE-2026-20976

CVSS Score & Metrics

Base Score

7.8 / 10

Vector String

                                        CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H                                    

Improper input validation in Galaxy Store prior to version 4.6.02 allows local attacker to execute arbitrary script.

Published Date

January 09, 2026

Last Modified

January 15, 2026

CWE ID

NVD-CWE-noinfo

Source

NVD

Vendor

samsung

Product

galaxy_store