CVE-2026-21026 | Vulnerability Database | Aqua Security

Improper export of android application components in SpriteWallpaper prior to SMR Jun-2026 Release 1 allows local attackers to access to sensitive information.

Affected Software

Name	Vendor	Start Version	End Version
Android	Samsung	16.0 (including)	16.0 (including)
Android	Samsung	16.0-smr-apr-2026-r1 (including)	16.0-smr-apr-2026-r1 (including)
Android	Samsung	16.0-smr-aug-2025-r1 (including)	16.0-smr-aug-2025-r1 (including)
Android	Samsung	16.0-smr-dec-2025-r1 (including)	16.0-smr-dec-2025-r1 (including)
Android	Samsung	16.0-smr-feb-2026-r1 (including)	16.0-smr-feb-2026-r1 (including)
Android	Samsung	16.0-smr-jan-2026-r1 (including)	16.0-smr-jan-2026-r1 (including)
Android	Samsung	16.0-smr-mar-2026-r1 (including)	16.0-smr-mar-2026-r1 (including)
Android	Samsung	16.0-smr-may-2026-r1 (including)	16.0-smr-may-2026-r1 (including)
Android	Samsung	16.0-smr-nov-2025-r1 (including)	16.0-smr-nov-2025-r1 (including)
Android	Samsung	16.0-smr-oct-2025-r1 (including)	16.0-smr-oct-2025-r1 (including)
Android	Samsung	16.0-smr-sep-2025-r1 (including)	16.0-smr-sep-2025-r1 (including)

References

https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=06

NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-21026
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html