Plattform
other
Komponente
knoxguardmanager
Behoben in
2026.0.1
CVE-2026-20978 describes an improper authorization vulnerability discovered in KnoxGuardManager, a component of Samsung’s security framework. This flaw allows a local attacker to circumvent the persistence configuration settings of applications. The vulnerability impacts devices running Android 13, 14, and 15 prior to the SMR (Security Maintenance Release) February 2026 release. A fix is available in version 2026.0.1.
The impact of this vulnerability lies in its ability to bypass application persistence configurations. An attacker with local access to a vulnerable device can exploit this flaw to modify or disable application persistence settings. This could allow them to tamper with application data, disable security features, or gain unauthorized access to protected resources. The attacker would need physical or local network access to the device to exploit this vulnerability. While the vulnerability is local, the potential impact can be significant depending on the sensitivity of the data and functionality protected by the bypassed persistence configurations. This could lead to data breaches, application malfunction, or even complete compromise of the device’s security posture.
CVE-2026-20978 was publicly disclosed on February 4, 2026. The vulnerability is not currently listed on the CISA KEV catalog, and its EPSS score is pending evaluation. There are no publicly available proof-of-concept exploits at this time. Given the local nature of the vulnerability and the requirement for physical access, active exploitation is considered less likely, but remains a potential risk.
Samsung Galaxy device users running Android 13, 14, or 15 prior to the SMR February 2026 release are at risk. This includes users who have not yet applied the security update. Organizations deploying Knox-managed devices should prioritize patching to mitigate this risk.
disclosure
Exploit-Status
EPSS
0.01% (1% Perzentil)
CISA SSVC
The primary mitigation for CVE-2026-20978 is to upgrade to the SMR February 2026 release or later, specifically version 2026.0.1 or higher. If immediate upgrading is not possible, consider implementing stricter access controls and monitoring for suspicious activity on devices running vulnerable versions. While a direct WAF or proxy rule is unlikely to be effective for a local vulnerability, enhanced device security policies and regular security audits can help detect and prevent exploitation. Samsung has not released specific detection signatures (Sigma/YARA), but monitoring system logs for unusual persistence configuration changes could be a potential indicator.
Wenden Sie das Samsung Mobile (SMR) Sicherheitsupdate von Februar 2026 oder später an. Dieses Update behebt die unzureichende Autorisierung in KnoxGuardManager. Es wird empfohlen, das Update so bald wie möglich zu installieren, um das Gerät zu schützen.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2026-20978 is a vulnerability in Samsung's KnoxGuardManager that allows local attackers to bypass application persistence configurations on Android devices.
You are affected if you use a Samsung Galaxy device running Android 13, 14, or 15 prior to the SMR February 2026 release (version 2026.0.1).
Upgrade your Samsung Galaxy device to the SMR February 2026 release or later (version 2026.0.1) by applying the latest security update.
There is currently no evidence of active exploitation, but the vulnerability is publicly known.
Refer to the official Samsung Security Bulletin for details: [https://security.samsungmobile.com/ (replace with actual URL when available)]
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.