Samsung Galaxy Store vulnerabilities

31 known vulnerabilities affecting samsung/galaxy_store.

Total CVEs

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

CRITICAL2HIGH10MEDIUM18LOW1

Vulnerabilities

Page 1 of 2

CVE-2026-21000HIGHCVSS 7.0fixed in 4.6.03.82026-03-16

CVE-2026-21000 [HIGH] CWE-22 CVE-2026-21000: Improper access control in Galaxy Store prior to version 4.6.03.8 allows local attacker to create fi Improper access control in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privilege.

nvd

CVE-2026-21002MEDIUMCVSS 5.9fixed in 4.6.03.82026-03-16

CVE-2026-21002 [MEDIUM] CWE-347 CVE-2026-21002: Improper verification of cryptographic signature in Galaxy Store prior to version 4.6.03.8 allows lo Improper verification of cryptographic signature in Galaxy Store prior to version 4.6.03.8 allows local attacker to install arbitrary application.

nvd

CVE-2026-21001MEDIUMCVSS 5.9fixed in 4.6.03.82026-03-16

CVE-2026-21001 [MEDIUM] CWE-22 CVE-2026-21001: Path traversal in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with G Path traversal in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privilege.

nvd

CVE-2026-20976MEDIUMCVSS 5.1fixed in 4.6.02.02026-01-09

CVE-2026-20976 [MEDIUM] CVE-2026-20976: Improper input validation in Galaxy Store prior to version 4.6.02 allows local attacker to execute a Improper input validation in Galaxy Store prior to version 4.6.02 allows local attacker to execute arbitrary script.

nvd

CVE-2025-58483LOWCVSS 3.3fixed in 1.0.06.292025-12-02

CVE-2025-58483 [MEDIUM] CVE-2025-58483: Improper export of android application components in Galaxy Store for Galaxy Watch prior to version Improper export of android application components in Galaxy Store for Galaxy Watch prior to version 1.0.06.29 allows local attacker to install arbitrary application on Galaxy Store.

nvd

CVE-2023-21483MEDIUMCVSS 5.5fixed in 4.5.53.62025-09-03

CVE-2023-21483 [MEDIUM] CVE-2023-21483: Improper Access Control vulnerability in Galaxy Store prior to version 4.5.53.6 allows local attacke Improper Access Control vulnerability in Galaxy Store prior to version 4.5.53.6 allows local attacker to access protected data using exported service.

nvd

CVE-2025-20951MEDIUMCVSS 5.5fixed in 4.5.90.72025-04-08

CVE-2025-20951 [MEDIUM] CVE-2025-20951: Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.90.7 allows local attackers to write arbitrary files with the privilege of Galaxy Store.

nvd

CVE-2025-20895MEDIUMCVSS 4.6fixed in 4.5.87.62025-02-04

CVE-2025-20895 [LOW] CVE-2025-20895: Authentication Bypass Using an Alternate Path in Galaxy Store prior to version 4.5.87.6 allows physi Authentication Bypass Using an Alternate Path in Galaxy Store prior to version 4.5.87.6 allows physical attackers to install arbitrary applications to bypass restrictions of Setupwizard.

nvd

CVE-2024-34601MEDIUMCVSS 5.3fixed in 4.5.81.02024-07-02

CVE-2024-34601 [MEDIUM] CVE-2024-34601: Improper verification of intent by broadcast receiver vulnerability in GalaxyStore prior to version Improper verification of intent by broadcast receiver vulnerability in GalaxyStore prior to version 4.5.81.0 allows local attackers to launch unexported activities of GalaxyStore.

nvd

CVE-2024-20870MEDIUMCVSS 5.5fixed in 4.5.71.82024-05-07

CVE-2024-20870 [MEDIUM] CVE-2024-20870: Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.71.8 allows local attackers to write arbitrary files with the privilege of Galaxy Store.

nvd

CVE-2024-20823MEDIUMCVSS 5.5fixed in 4.5.63.62024-02-06

CVE-2024-20823 [MEDIUM] CVE-2024-20823: Implicit intent hijacking vulnerability in SamsungAccount of Galaxy Store prior to version 4.5.63.6 Implicit intent hijacking vulnerability in SamsungAccount of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.

nvd

CVE-2024-20825MEDIUMCVSS 5.5fixed in 4.5.63.62024-02-06

CVE-2024-20825 [MEDIUM] CVE-2024-20825: Implicit intent hijacking vulnerability in IAP of Galaxy Store prior to version 4.5.63.6 allows loca Implicit intent hijacking vulnerability in IAP of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.

nvd

CVE-2024-20824MEDIUMCVSS 5.5fixed in 4.5.63.62024-02-06

CVE-2024-20824 [MEDIUM] CVE-2024-20824: Implicit intent hijacking vulnerability in VoiceSearch of Galaxy Store prior to version 4.5.63.6 all Implicit intent hijacking vulnerability in VoiceSearch of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.

nvd

CVE-2024-20822MEDIUMCVSS 5.5fixed in 4.5.63.62024-02-06

CVE-2024-20822 [MEDIUM] CVE-2024-20822: Implicit intent hijacking vulnerability in AccountActivity of Galaxy Store prior to version 4.5.63.6 Implicit intent hijacking vulnerability in AccountActivity of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.

nvd

CVE-2023-42580CRITICALCVSS 9.8fixed in 4.5.64.42023-12-05

CVE-2023-42580 [HIGH] CVE-2023-42580: Improper URL validation from MCSLaunch deeplink in Galaxy Store prior to version 4.5.64.4 allows att Improper URL validation from MCSLaunch deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to install APK from Galaxy Store.

nvd

CVE-2023-42581HIGHCVSS 7.5fixed in 4.5.64.42023-12-05

CVE-2023-42581 [HIGH] CVE-2023-42581: Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows a Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data.

nvd

CVE-2023-30705MEDIUMCVSS 5.5fixed in 4.5.56.62023-08-10

CVE-2023-30705 [MEDIUM] CWE-863 CVE-2023-30705: Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.56.6?allows local atta Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.56.6?allows local attackers to access privileged content providers as Galaxy Store permission.

nvd

CVE-2023-21516CRITICALCVSS 9.6fixed in 4.5.49.82023-05-26

CVE-2023-21516 [HIGH] CWE-20 CVE-2023-21516: XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows attackers to exe XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.

nvd

CVE-2023-21514HIGHCVSS 8.8fixed in 4.5.49.82023-05-26

CVE-2023-21514 [HIGH] CWE-20 CVE-2023-21514: Improper scheme validation from InstantPlay Deeplink in Galaxy Store prior to version 4.5.49.8 allow Improper scheme validation from InstantPlay Deeplink in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.

nvd

CVE-2023-21515HIGHCVSS 8.8fixed in 4.5.49.82023-05-26

CVE-2023-21515 [HIGH] CWE-20 CVE-2023-21515: InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.

nvd

1 / 2Next →