Platform: android
Component: smart-switch
Fixed in: 3.7.69.15
CVE-2026-21004 describes a Denial of Service (DoS) vulnerability affecting Samsung Smart Switch versions prior to 3.7.69.15. This vulnerability allows an attacker within close proximity to trigger a denial of service, potentially disrupting data transfer and device management operations. The vulnerability is fixed in version 3.7.69.15, and users are advised to upgrade promptly.
The primary impact of CVE-2026-21004 is a denial of service. An attacker, positioned physically near a device running a vulnerable version of Smart Switch, can exploit this flaw to render the application unresponsive. This could interrupt ongoing data transfers, prevent users from backing up their devices, or hinder other critical functions managed through Smart Switch. The attack requires physical proximity, limiting the immediate blast radius, but could be disruptive in environments where Smart Switch is frequently used, such as shared workspaces or public charging stations. While the vulnerability doesn't directly lead to data exfiltration, the disruption caused by the DoS could be leveraged as a distraction for other malicious activities.
CVE-2026-21004 was publicly disclosed on 2026-03-16. There are currently no publicly available proof-of-concept exploits. The EPSS score is pending evaluation. This vulnerability is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS: 0.03% (8% percentile)
The primary mitigation for CVE-2026-21004 is to upgrade Samsung Smart Switch to version 3.7.69.15 or later. If an immediate upgrade is not feasible due to compatibility issues or system downtime requirements, consider temporarily disabling Smart Switch when not in use to reduce the attack surface. While a direct WAF rule is not applicable, restricting physical access to devices running vulnerable versions of Smart Switch can significantly reduce the risk. There are no specific Sigma or YARA rules available for this vulnerability at this time.
Update the Smart Switch application to version 3.7.69.15 or later. This update corrects the improper authentication vulnerability that allows adjacent attackers to perform denial of service attacks.
CVE-2026-21004 is a Denial of Service vulnerability in Samsung Smart Switch versions prior to 3.7.69.15, allowing a nearby attacker to disrupt the application's functionality.
You are affected if you are using a Samsung Smart Switch version earlier than 3.7.69.15. Check your app version and upgrade if necessary.
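A version check for a device inventory, as an added example that is not part of the original advisory: it parses `dumpsys package` output and compares the installed `versionName` numerically against the fixed version 3.7.69.15, since a plain string comparison would rank 3.7.69.9 above 3.7.69.15. The device names and outputs are constructed samples, and the output is assumed to come from `adb shell dumpsys package <smart-switch-package>`, with the package name left as a placeholder.

```python
import re

FIXED = "3.7.69.15"  # fixed version stated in this advisory

# Assumption: the first versionName= line belongs to the queried package.
VERSION_RE = re.compile(r"^\s*versionName=(\S+)", re.MULTILINE)


def parse_version(text):
    """Turn '3.7.69.15' into (3, 7, 69, 15); None if not purely dotted numeric."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(dumpsys_output, fixed=FIXED):
    """Return 'not-installed', 'unknown', 'vulnerable' or 'fixed'."""
    match = VERSION_RE.search(dumpsys_output)
    if match is None:
        return "not-installed"
    installed, target = parse_version(match.group(1)), parse_version(fixed)
    if installed is None:
        return "unknown"  # suffixes such as -beta need a manual look
    # Pad to equal length so 3.7.69 is compared as 3.7.69.0.
    width = max(len(installed), len(target))
    installed += (0,) * (width - len(installed))
    target += (0,) * (width - len(target))
    return "vulnerable" if installed < target else "fixed"


# Constructed sample outputs, one per hypothetical device.
SAMPLES = {
    "device-a": "    versionCode=1 minSdk=23\n    versionName=3.7.69.9\n",
    "device-b": "    versionCode=2 minSdk=23\n    versionName=3.7.69.15\n",
    "device-c": "    versionCode=3 minSdk=23\n    versionName=3.7.69.15-beta\n",
    "device-d": "",  # package not present on the device
}


def audit(samples=SAMPLES):
    """Map each device to its classification."""
    return {device: classify(output) for device, output in samples.items()}


if __name__ == "__main__":
    for device, status in audit().items():
        print(f"{device}: {status}")
```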
Upgrade to Samsung Smart Switch version 3.7.69.15 or later through the Google Play Store or Samsung Galaxy Store.
Currently, there are no confirmed reports of active exploitation of CVE-2026-21004, but it's recommended to apply the patch proactively.
Refer to the official Samsung Security Bulletin for details: https://security.samsung.com/