Eight-Year-Old Samsung KNOX Flaw Exposed Millions of Galaxy Devices to Kernel Attacks

Researchers uncovered CVE-2026-20971, an eight-year-old high-severity flaw in Samsung’s KNOX kernel that affected Galaxy S9 through Galaxy S25 devices and could be exploited through the interaction between PROCA and FIVE. Samsung fixed the issue in its January 2026 update, and the research highlights how a local vulnerability in a mobile security stack could still become a serious enterprise risk. #Samsung #KNOX #PROCA #FIVE #CVE-2026-20971 #LucidBitLabs

Key points

  • CVE-2026-20971 is a high-severity Samsung vulnerability in the KNOX kernel.
  • The flaw affected Galaxy S9 through Galaxy S25, plus A-series and Exynos/Qualcomm models.
  • It involved a race-condition use-after-free between PROCA and FIVE.
  • An untrusted app could potentially trigger kernel memory corruption.
  • Samsung patched the issue in its January 2026 security update.

Read More: https://www.securityweek.com/eight-year-old-samsung-knox-flaw-exposed-millions-of-galaxy-devices-to-kernel-attacks/