ThreatCluster

Samsung KNOX UAF Vulnerability Exposes Millions of Devices to Risk

Sources: Cybersecuritynews, Securityaffairs.Co

Article Content


A critical use-after-free (UAF) vulnerability in Samsung's KNOX security subsystem, tracked as CVE-2026-20971, has been discovered after remaining undetected for over eight years. The flaw affects hundreds of millions of Galaxy devices and could allow kernel-level memory corruption and complete device takeover. Samsung patched it in its January 2026 Android Security Update. Security research firm LucidBit disclosed the flaw, which resides in the PROCA/FIVE components of the KNOX stack. Experts stress the severity of the issue because it sits in software intended to strengthen device security. Users of affected devices are urged to apply the security update to mitigate the risk.

Key Points:
• CVE-2026-20971 is a critical UAF vulnerability affecting Samsung KNOX.
• The flaw could allow complete device takeover on hundreds of millions of Galaxy devices.
• Samsung released a patch for this vulnerability in January 2026.

ThreatCluster AI

Timeline

2026-01-09: CVE-2026-20971 published
The vulnerability was officially published, detailing its potential for kernel-level exploitation.
Source: Securityaffairs.Co

2026-01: Samsung patches the vulnerability
Samsung issued a patch in its January 2026 Android Security Update to address the UAF flaw.
Source: Cybersecuritynews

Recent: Vulnerability disclosed by LucidBit
Security research firm LucidBit announced the discovery of the hidden UAF vulnerability in Samsung's KNOX.
Source: Cybersecuritynews
