CVE-2026-20989

CWE-3474 documents4 sources
Severity
5.1MEDIUM
EPSS
0.0%
top 99.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Samsung Android
Timeline
PublishedMar 16

Description

Improper verification of cryptographic signature in Font Settings prior to SMR Mar-2026 Release 1 allows physical attackers to use custom font.

CVSS vector

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Packages1 packages

NVDsamsung/android16.0

🔴Vulnerability Details

2
GHSA
GHSA-2p26-r2gp-7xc2: Improper verification of cryptographic signature in Font Settings prior to SMR Mar-2026 Release 1 allows physical attackers to use custom font2026-03-16
CVEList
CVE-2026-20989: Improper verification of cryptographic signature in Font Settings prior to SMR Mar-2026 Release 1 allows physical attackers to use custom font2026-03-16

🕵️Threat Intelligence

1
Wiz
CVE-2026-20989 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-20989 (MEDIUM CVSS 5.1) | Improper verification of cryptograp | cvebase.io