Primary

Context

Samsung ShortcutService Path Traversal Vulnerability Allowing Privileged File Creation

Vulnerability

A path traversal vulnerability has been identified in the ShortcutService component of Samsung devices, affecting Android versions 14, 15, and 16, prior to the February 2026 Security Maintenance Release. This vulnerability allows a privileged local attacker to create files with system privileges by exploiting improper input validation in the ShortcutService.

Impact

Exploitation of this vulnerability could lead to unauthorized file creation with system privileges, potentially allowing for further exploitation or modification of system files.

Remediation

Users can apply the February 2026 Security Maintenance Release to address this vulnerability. This update is available through the Samsung Smart Switch application or the Samsung Members app.

Added: Feb 4, 2026, 7:22 AM

Updated: Feb 4, 2026, 7:22 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.3

remediation

0.0

relevance

2.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.3

remediation

0.0

relevance

2.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Samsung ShortcutService Path Traversal Vulnerability Allowing Privileged File Creation

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating