A serious vulnerability (CVE-2026-20971) has been discovered in Samsung's KNOX security system, specifically in the kernel's PROCA and FIVE subsystems. This use-after-free flaw can allow attackers to exploit a race condition during process integrity checks, potentially leading to kernel memory corruption. Researchers from LucidBit Labs noted that the vulnerability could be triggered by untrusted applications, which might result in complete device takeover.
Although Samsung released a fix in January 2026 for affected Galaxy devices (S9 to S25 and A-series models), the advisory highlighted the risks associated with local access and user interaction. The case illustrates that security mechanisms can themselves become targets, underscoring the need for diligent patch management and awareness of the attack surface.