This vulnerability involves improper authorization (CWE-285) in the AppBlock feature of Samsung Mobile Devices before the SMR Jun-2026 Release 1. A local attacker with low privileges can exploit this flaw to launch arbitrary activities, potentially bypassing intended access controls. Exploitation requires user interaction. The CVSS 4.0 vector indicates low attack complexity, local attack vector, and partial impact on confidentiality, integrity, and availability.

An attacker with local access and limited privileges can launch arbitrary activities on the affected device, which may lead to unauthorized actions within the device environment. User interaction is required to exploit this vulnerability, which limits the ease of exploitation. There are no reported exploits in the wild, and the impact is rated as medium severity.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since the vulnerability affects versions prior to SMR Jun-2026 Release 1, applying the June 2026 security maintenance release once available is recommended. Until then, users should exercise caution with local applications and avoid interacting with untrusted prompts that could trigger this vulnerability.