Samsung Mobile Improper Input Validation Vulnerability in FacAtFunction Allowing Arbitrary Command Execution

Vulnerability

A vulnerability exists in Samsung Mobile devices running Android versions 14, 15, and 16, prior to the February 2026 Security Maintenance Release. The issue stems from improper input validation in the FacAtFunction, which allows a privileged physical attacker to execute arbitrary commands with system privileges.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of commands with elevated system privileges, potentially allowing a physical attacker to manipulate device functionality or access sensitive information.

Remediation

Users can apply the February 2026 Security Maintenance Release to address this vulnerability. This update is available through the Samsung Smart Switch application or the Samsung Members app.
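The check below is an added example, not part of the original advisory or any Samsung tooling: it triages a device inventory against the affected Android versions and the February 2026 fix level stated above. It assumes the Android security patch level string (YYYY-MM-DD) reflects the installed SMR month; the inventory format, device names and function names are constructed for illustration.

```shell
# Added example: flag devices still exposed per this advisory.
# Assumption: the security patch level (YYYY-MM-DD) tracks the SMR month.
# On a connected device the two inputs can be read with:
#   adb shell getprop ro.build.version.release
#   adb shell getprop ro.build.version.security_patch

FIXED_MONTH=202602   # February 2026 Security Maintenance Release

# classify <android_release> <patch_level>
# prints NEEDS_UPDATE | PATCHED | NOT_LISTED | UNKNOWN
classify() {
    release=${1%%.*}          # "14.0" -> "14"
    patch=$2
    case $release in
        14|15|16) ;;                       # versions named in the advisory
        *) echo NOT_LISTED; return ;;
    esac
    # Accept only YYYY-MM-DD; anything else cannot be compared safely.
    case $patch in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo UNKNOWN; return ;;
    esac
    month=$(printf '%s' "$patch" | cut -c1-4,6-7)   # 2026-02-01 -> 202602
    if [ "$month" -lt "$FIXED_MONTH" ]; then
        echo NEEDS_UPDATE
    else
        echo PATCHED
    fi
}

# triage: reads "id,release,patch" lines on stdin, prints "id status"
triage() {
    while IFS=, read -r id release patch; do
        [ -n "$id" ] || continue
        echo "$id $(classify "$release" "$patch")"
    done
}

# Constructed sample inventory (not real devices).
sample_inventory() {
    cat <<'EOF'
dev-01,14,2025-12-01
dev-02,15,2026-02-01
dev-03,16,2026-01-05
dev-04,13,2025-06-01
dev-05,15,unknown
EOF
}

sample_inventory | triage
```

Devices reported as UNKNOWN should be checked by hand rather than assumed patched.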

Added: Feb 4, 2026, 7:24 AM
Updated: Feb 4, 2026, 7:24 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 7.5
exploitability: 2.8
remediation: 7.7
relevance: 2.5
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.