CVE-2026-20977 is a vulnerability categorized under CWE-284 (Improper Access Control) found in Samsung Mobile Devices' Emergency Sharing feature prior to the SMR February 2026 Release 1 update. The flaw allows local attackers—those with physical or local access to the device—to interrupt the Emergency Sharing functionality, which is designed to facilitate rapid communication during emergencies. The vulnerability does not require any authentication or user interaction, making it easier to exploit once local access is obtained. However, the attack vector is limited to local access, meaning remote exploitation is not feasible. The vulnerability does not affect confidentiality, integrity, or availability of the device broadly but specifically targets the availability and reliability of the Emergency Sharing feature. No exploits have been reported in the wild, indicating it is not currently actively exploited. The CVSS 4.0 base score is 6.9 (medium severity), reflecting the local attack vector and the impact on a critical but limited feature. Samsung has reserved the CVE and is expected to release patches in the SMR February 2026 Release 1 update. Organizations relying on Samsung Mobile Devices for emergency communication should monitor for patch availability and plan timely updates. The vulnerability highlights the importance of robust access controls even on local device features that support critical functions.

The primary impact of CVE-2026-20977 on European organizations lies in the potential disruption of the Emergency Sharing feature on Samsung Mobile Devices. This could impair emergency communication capabilities for users relying on these devices during critical situations, potentially delaying response times or preventing emergency alerts from being sent or received. While the vulnerability does not compromise sensitive data or device integrity, the interruption of emergency services can have serious safety implications, especially for first responders, healthcare providers, and public safety officials who use Samsung devices in their operations. The requirement for local access limits the risk to scenarios where an attacker can physically access the device, such as theft, insider threats, or unauthorized access in shared environments. European organizations with mobile workforces or critical infrastructure relying on Samsung devices should consider the risk of emergency communication disruption as a significant operational concern. The absence of known exploits reduces immediate risk, but the medium severity score indicates that timely patching is important to maintain emergency feature reliability.

1. Apply the SMR February 2026 Release 1 update from Samsung as soon as it becomes available to remediate the improper access control vulnerability in Emergency Sharing. 2. Implement strict physical security controls to prevent unauthorized local access to Samsung Mobile Devices, including device lock policies and secure storage when devices are not in use. 3. Enforce mobile device management (MDM) policies that restrict local debugging or unauthorized access features that could facilitate exploitation. 4. Educate users about the importance of safeguarding their devices, especially those used in emergency response roles, to reduce the risk of local attacks. 5. Monitor device logs and behavior for signs of tampering or abnormal interruptions in emergency communication features. 6. Consider deploying alternative or redundant emergency communication methods in critical environments to mitigate potential disruption. 7. Coordinate with Samsung support channels to receive timely vulnerability notifications and patch releases.