Summaryinfo

A vulnerability labeled as critical has been found in Samsung Devices. This vulnerability affects unknown code of the component Font Settings. Such manipulation leads to signature verification. This vulnerability is referenced as CVE-2026-20989. The attack can be executed directly on the physical device. No exploit is available. Applying a patch is advised to resolve this issue.

Detailsinfo

A vulnerability, which was classified as problematic, has been found in Samsung Devices (the affected version unknown). Affected by this issue is an unknown part of the component Font Settings. The manipulation with an unknown input leads to a signature verification vulnerability. Using CWE to declare the problem leads to CWE-347. The product does not verify, or incorrectly verifies, the cryptographic signature for data. Impacted is integrity. CVE summarizes:

Improper verification of cryptographic signature in Font Settings prior to SMR Mar-2026 Release 1 allows physical attackers to use custom font.

The advisory is shared for download at security.samsungmobile.com. This vulnerability is handled as CVE-2026-20989 since 12/11/2025. The exploitation is known to be easy. The attack needs to be approached locally. No form of authentication is required for exploitation. Successful exploitation requires user interaction by the victim. There are neither technical details nor an exploit publicly available.

Applying a patch is able to eliminate this problem.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Vendor

• Samsung

Name

• Devices

License

• commercial

Website

• Vendor: https://www.samsung.com/

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion