Samsung has started pushing out its May 2026 security update to Galaxy devices, and this one carries more urgency than a typical monthly patch. It includes a fix for a critical zero-click Android vulnerability that lets attackers run code on your device without you doing anything at all.
What makes this vulnerability so serious?
The flaw, tracked as CVE-2026-0073, was identified by Google and listed under the System section of the Android Security Bulletin. According to the official description, the vulnerability “could lead to remote (proximal/adjacent) code execution as the shell user with no additional execution privileges needed. User interaction is not needed for exploitation.”
In plain terms, an attacker doesn’t need you to tap a link or open a file. The exploit can run silently in the background, which is what makes zero-click vulnerabilities particularly concerning. You’d have no idea anything happened.
Samsung’s monthly security update: Explained
Each month, Samsung’s Security Maintenance Release (SMR) bundles two categories of fixes. The first comes from Google’s Android Security Bulletin, covering vulnerabilities in the core Android system. The second covers Samsung-specific issues, documented as Samsung Vulnerabilities and Exposures (SVE). Samsung had already disclosed most of its SVE fixes for May before this zero-click flaw surfaced from Google’s side, making this patch more significant than initially anticipated.
As we’ve covered before, Samsung’s security update rollouts tend to start with a handful of devices before expanding across the broader Galaxy lineup. This month is no different. So far, the Galaxy A56, Galaxy A55, and Galaxy A54 are among the first to receive the May 2026 patch, with more devices expected to follow in the coming days.
How to install the May 2026 security update on your Galaxy
If you want to check whether the update has arrived on your device, go to Settings > Software update > Download and install. Once it’s downloaded, make sure you actually restart your phone. The patch may not take full effect until the device reboots.
Given the nature of CVE-2026-0073, this isn’t a patch to sit on. Install it as soon as it shows up. We’ll keep you updated as more Galaxy devices receive the May 2026 security update.
