CVE-2026-20985

4.3 MEDIUM

📋 TL;DR

This vulnerability in the Samsung Members app lets a remote attacker redirect a user to an arbitrary URL and start arbitrary activities with the app's own privileges once the user opens attacker-controlled content (for example a crafted link). Because the launched activity runs under the app's identity, the attacker can reach screens or data that are not otherwise exposed to third-party apps; the 4.3 (MEDIUM) score reflects a limited, user-interaction-dependent impact rather than code execution. All Samsung device users running Samsung Members versions before 5.6.00.11 are affected.

💻 Affected Systems

Products:
  • Samsung Members
Versions: All versions prior to 5.6.00.11
Operating Systems: Android (Samsung devices)
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Samsung devices with Samsung Members app installed. User interaction required for exploitation.

📦 What is this software?

Samsung Members (package com.samsung.android.voc) is Samsung's support and community app, preinstalled on Galaxy phones and tablets. It provides device diagnostics, support tickets and chat, and a user community forum, and it opens web content and other in-app screens in response to links and intents, which is the surface the redirect affects.

⚠️ Risk & Real-World Impact

🔴

Worst Case

A phishing or malware-download page rendered inside the trusted Samsung Members context, combined with access to whatever the redirected-to Samsung Members activity exposes to its caller (app-scoped data or actions). The flaw runs with the app's privileges, not system privileges, so by itself it does not yield full device compromise; the 4.3 score reflects that limited, user-interaction-dependent impact.

🟠

Likely Case

Phishing via a link that opens inside Samsung Members, lending Samsung branding to a fake login or payment page; redirection to a download page for a malicious app; leakage of app-scoped data through the launched activity.

🟢

If Mitigated

With Samsung Members updated or disabled, the redirect surface is gone; residual risk is ordinary link-based phishing in the browser, where the app's sandbox offers nothing extra to the attacker.

🌐 Internet-Facing: HIGH - Remote attackers can exploit this vulnerability over the internet when users interact with malicious content.
🏢 Internal Only: MEDIUM - Could be exploited internally through phishing or malicious links, but requires user interaction.

🎯 Exploit Status

Public PoC: ❌ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction (opening a malicious link or page). No authentication is needed; the attacker only has to get the crafted content in front of the user.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.6.00.11

Vendor Advisory: https://security.samsungmobile.com/serviceWeb.smsb?year=2026&month=02

Restart Required: No

Instructions:

1. Open the Google Play Store on the Samsung device.
2. Search for 'Samsung Members'.
3. Update to version 5.6.00.11 or later.
4. Alternatively, update through the Samsung Galaxy Store if available.

🔧 Temporary Workarounds

Disable Samsung Members app

Disable the app for the primary user until it is updated. A disabled app's activities can no longer be started, so the redirect surface is removed; Samsung's support and diagnostics features in the app become unavailable until it is re-enabled (adb shell pm enable com.samsung.android.voc).

adb shell pm disable-user --user 0 com.samsung.android.voc

Restrict app permissions

pm revoke only works for runtime (dangerous) permissions that the user has granted; android.permission.INTERNET is a normal permission and cannot be revoked this way (the command fails with a "not a changeable permission type" error). List the app's granted runtime permissions and revoke the ones it does not need:

adb shell dumpsys package com.samsung.android.voc | grep -A 20 'runtime permissions'
adb shell pm revoke com.samsung.android.voc <permission>

Revoking permissions narrows what a launched activity can reach; it does not remove the redirect itself. Updating or disabling the app does.

🧯 If You Can't Patch

  • Educate users not to open links from untrusted sources, including links that open inside Samsung Members rather than the browser
  • Implement network filtering (DNS or web proxy) to block known phishing and malware-distribution domains, which limits where a successful redirect can land

🔍 How to Verify

Check if Vulnerable:

Check the Samsung Members app version in Settings > Apps > Samsung Members > App info (the version is shown at the bottom of the App info screen)

Check Version:

adb shell dumpsys package com.samsung.android.voc | grep versionName

Verify Fix Applied:

Confirm Samsung Members version is 5.6.00.11 or higher
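A scripted version check, added here as an example and not part of the advisory or of Samsung's tooling: it parses the versionName line that dumpsys prints and compares it component-by-component as integers against the fixed version 5.6.00.11 (a plain string or `sort` comparison would mis-order a future 5.10 against 5.6). The dumpsys excerpt embedded in the block is constructed sample output; the package name and fixed version come from this page.

```shell
#!/bin/sh
# Version check for Samsung Members (com.samsung.android.voc) against the
# fixed version 5.6.00.11. Added example; not Samsung's tooling.

FIXED_VERSION=5.6.00.11

# Constructed sample of what `adb shell dumpsys package com.samsung.android.voc`
# prints (trimmed). Only the versionName line is parsed.
SAMPLE_DUMPSYS='Packages:
  Package [com.samsung.android.voc] (1a2b3c4):
    userId=10123
    pkg=Package{2d3e4f com.samsung.android.voc}
    versionName=5.5.00.9
    splits=[base]
    flags=[ SYSTEM HAS_CODE ALLOW_CLEAR_USER_DATA ]'

# extract_version DUMPSYS_TEXT -> prints the first versionName value (empty if none)
extract_version() {
    printf '%s\n' "$1" | sed -n 's/^[[:space:]]*versionName=//p' | head -n 1
}

# version_ge A B -> exit 0 if dotted numeric version A >= B, else 1.
# Components are compared as integers, so 5.10.x sorts after 5.6.x and
# leading zeros (00 vs 0) do not matter.
version_ge() {
    v1=$1 v2=$2
    while [ -n "$v1" ] || [ -n "$v2" ]; do
        p1=${v1%%.*}; p2=${v2%%.*}
        if [ "$v1" = "$p1" ]; then v1=; else v1=${v1#*.}; fi
        if [ "$v2" = "$p2" ]; then v2=; else v2=${v2#*.}; fi
        : "${p1:=0}" "${p2:=0}"          # missing components count as 0
        [ "$p1" -gt "$p2" ] && return 0
        [ "$p1" -lt "$p2" ] && return 1
    done
    return 0
}

# assess VERSION -> prints "patched", "vulnerable" or "unknown ..."
assess() {
    if [ -z "$1" ]; then
        echo "unknown (package not found or versionName missing)"
    elif version_ge "$1" "$FIXED_VERSION"; then
        echo patched
    else
        echo vulnerable
    fi
}

# Against a live device, feed the real dumpsys output instead of the sample:
#   assess "$(extract_version "$(adb shell dumpsys package com.samsung.android.voc)")"
assess "$(extract_version "$SAMPLE_DUMPSYS")"
```

If the package is absent (dumpsys prints nothing for it), extract_version returns an empty string and assess reports "unknown" rather than a false "patched".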

📡 Detection & Monitoring

Log Indicators:

  • Activity starts into com.samsung.android.voc components carrying caller-supplied web URLs (on-device these appear as ActivityTaskManager/ActivityManager "START u0 {...}" lines in logcat, with the URL host kept and the path redacted)
  • Intents targeting Samsung Members activities from browsers or unrelated third-party apps rather than from Samsung Members itself

Network Indicators:

  • Unexpected outbound connections from Samsung Members to unusual domains
  • Redirects to suspicious URLs

SIEM Query:

source="android_logs" app="com.samsung.android.voc" (url_launch OR intent_start) suspicious_domain=*

The field names above are placeholders; Android does not forward activity-start logs to a SIEM on its own, so substitute the schema of whatever MDM or mobile EDR product collects device logs in your environment.
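Detection logic over raw logcat, added here as an example and not part of the page or of Samsung's tooling: it keeps only activity starts whose target component belongs to com.samsung.android.voc, pulls the host out of the intent's dat= URL, and flags hosts outside a Samsung allowlist (matching on the registered domain, so a lookalike such as samsung.com.evil.example is not allowed by a loose substring check). The sample log lines, the activity class names after the package, the UIDs and the allowlist are constructed; only the package name comes from this page. Android redacts the URL path in these log lines to "/..." but keeps the scheme and host, which is enough for this check.

```shell
#!/bin/sh
# Flag activity launches into Samsung Members (com.samsung.android.voc) whose
# intent carries an http(s) URL on a host outside a Samsung allowlist.
# Input: logcat text. Android logs every activity start as a
# "START u0 {act=... dat=... cmp=pkg/.Class}" line (tag ActivityTaskManager
# on Android 10+, ActivityManager before), with the URL path redacted but the
# host kept, which is what this classifies on.
# Added example, not Samsung's code. Sample lines, class names, UIDs and the
# allowlist are constructed; only the package name is from the advisory page.

ALLOWED_HOSTS='samsung.com samsungmembers.com'   # assumption: tune per environment

# host_allowed HOST -> 0 if HOST equals or is a subdomain of an allowlisted domain
host_allowed() {
    for d in $ALLOWED_HOSTS; do
        case "$1" in
            "$d"|*."$d") return 0 ;;
        esac
    done
    return 1
}

# flag_redirects: reads logcat lines on stdin, prints one SUSPECT line per
# launch into com.samsung.android.voc with a non-allowlisted http(s) host.
flag_redirects() {
    while IFS= read -r line; do
        case "$line" in
            *" START u"*"cmp=com.samsung.android.voc/"*) ;;
            *) continue ;;                    # not a start of a Samsung Members activity
        esac
        dat=${line#*dat=}
        [ "$dat" = "$line" ] && continue      # intent has no data URI
        dat=${dat%% *}                        # dat value ends at the next space
        case "$dat" in
            http://*|https://*) ;;
            *) continue ;;                    # non-web URI (content:, tel:, ...)
        esac
        host=${dat#*://}; host=${host%%/*}; host=${host%%\?*}
        host=${host#*@}; host=${host%%:*}     # drop userinfo and port
        host_allowed "$host" || printf 'SUSPECT host=%s url=%s\n' "$host" "$dat"
    done
}

# Constructed logcat sample: a legitimate Samsung URL, a lookalike phishing
# host, a plain launcher start without a URL, and an allowlist-bypass attempt.
SAMPLE_LOGCAT='01-02 10:15:01.123  1234  5678 I ActivityTaskManager: START u0 {act=android.intent.action.VIEW dat=https://www.samsung.com/... cmp=com.samsung.android.voc/.web.WebActivity} from uid 10123
01-02 10:15:09.456  1234  5678 I ActivityTaskManager: START u0 {act=android.intent.action.VIEW dat=https://login-samsung.example.net/... cmp=com.samsung.android.voc/.web.WebActivity} from uid 10123
01-02 10:15:12.789  1234  5678 I ActivityTaskManager: START u0 {act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] cmp=com.samsung.android.voc/.Main} from uid 10088
01-02 10:15:20.000  1234  5678 I ActivityTaskManager: START u0 {act=android.intent.action.VIEW dat=https://samsung.com.evil.example/... cmp=com.samsung.android.voc/.web.WebActivity} from uid 10123'

# Live use on a connected device:  adb logcat -d | flag_redirects
printf '%s\n' "$SAMPLE_LOGCAT" | flag_redirects
```

Because the allowlist match is anchored at the domain boundary (either the exact domain or a label followed by a dot and the domain), www.samsung.com passes while samsung.com.evil.example and login-samsung.example.net are both reported. Launches without a web URL, such as the launcher start, are ignored.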

🔗 References

  • Samsung Mobile Security advisory, February 2026: https://security.samsungmobile.com/serviceWeb.smsb?year=2026&month=02
