CVE-2026-20972: CWE-926: Improper Export of Android Application Components in Samsung Mobile Devices
Improper Export of Android Application Components in UwbTest prior to SMR Jan-2026 Release 1 allows local attackers to enable UWB.
AI Analysis
Technical Summary
CVE-2026-20972 is a vulnerability identified in Samsung Mobile devices related to the improper export of Android application components within the UwbTest application prior to the SMR (Security Maintenance Release) January 2026 Release 1. The root cause is classified under CWE-926, which pertains to improper export of components, allowing unauthorized access to application functionality. Specifically, this vulnerability permits local attackers with limited privileges (PR:L) to enable Ultra-Wideband (UWB) functionality on the device without requiring user interaction (UI:N) or network access (AV:L). UWB is a short-range wireless communication protocol used for precise location tracking and secure device-to-device communication. By exploiting this vulnerability, an attacker with local access could activate UWB capabilities, potentially bypassing intended security controls or privacy settings. The CVSS 4.0 base score is 4.8 (medium severity), reflecting the limited attack vector (local), low complexity, no need for user interaction, and limited privileges required. There are no known exploits in the wild, and no patches have been explicitly linked yet, though the vulnerability was reserved in December 2025 and published in January 2026. The lack of network or user interaction requirements increases the risk in environments where local access is possible, such as shared or multi-user devices. The vulnerability highlights the importance of correctly configuring Android application component exports to prevent unauthorized access to sensitive device features.
Potential Impact
For European organizations, this vulnerability could lead to unauthorized enabling of UWB on Samsung mobile devices, potentially exposing sensitive location data or enabling covert communication channels. This could undermine confidentiality and privacy, especially in sectors handling sensitive or classified information. While the vulnerability requires local access, in environments where devices are shared, lost, or temporarily accessible by unauthorized personnel, the risk increases. The improper activation of UWB could also interfere with device integrity and availability if exploited to manipulate device behavior. Organizations relying heavily on Samsung mobile devices for secure communications or location-based services may face operational disruptions or data leakage risks. Although no remote exploitation is possible, insider threats or physical access scenarios are relevant. The medium severity rating suggests a moderate risk that should be addressed promptly to maintain device security posture.
Mitigation Recommendations
1. Restrict physical and local access to Samsung mobile devices, especially in sensitive environments, to prevent unauthorized users from exploiting the vulnerability.
2. Monitor UWB usage and device logs for unusual activation patterns that could indicate exploitation attempts.
3. Apply the SMR January 2026 Release 1 update or later as soon as it becomes available from Samsung to remediate the vulnerability.
4. Implement mobile device management (MDM) policies that limit or disable UWB functionality where not required.
5. Educate users about the risks of leaving devices unattended or lending them to untrusted individuals.
6. Conduct regular security audits on mobile devices to ensure application components are properly configured and not improperly exported.
7. For high-security environments, consider disabling UWB hardware via device settings or firmware controls if feasible until patches are applied.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: SamsungMobile
- Date Reserved: 2025-12-11T01:33:35.798Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69609f9becefc3cd7c0ad504
Added to database: 1/9/2026, 6:26:35 AM
Last enriched: 1/9/2026, 6:42:21 AM
Last updated: 1/9/2026, 9:57:00 PM