October 22, 2025: Tenable sends security contact request to several Samsung email addresses.
October 27, 2025: Samsung replies with contact info.
November 3, 2025: Tenable sends second contact request.
November 4, 2025: Samsung replies that they have replied with contact info.
November 10, 2025: Samsung replies again asking about our disclosures.
November 24, 2025: Tenable notices that Samsung had replied several times already but were routed to spam. Tenable apologizes and sends the disclosure email.
November 26, 2025: Samsung acknowledges receipt. One issue is already fixed, one not yet fixed. Samsung asks if we can test the fixed issue.
December 8, 2025: Tenable tells Samsung that the fix version is not currently available for download on the download site.
December 9, 2025: Samsung points to a new path to download the file. Tenable responds that they are unable to download the file without a Samsung Business account.
January 28, 2026: Tenable asks Samsung for an update.
January 30, 2026: Samsung replies that they don’t have an update yet. Tenable reminds Samsung or our public disclosure date. Tenable asks if they plan on making the newest version available on the public download site.
February 2, 2026: Samsung replies tha their policy has changed and new versions will only be available to partners.
February 25, 2026: Tenable inquires as to status and asks for CVEs assigned.
February 26, 2026: Tenable acknowledges that we can discuss more once date is sent.
February 27, 2026: Tenable requests patch release date.
March 3, 2026: Samsung advises they have released patch version 21.1091.1 to fix the issue and will advise CVE soon.
March 4, 2026: Tenable advises that we will publish our advisory today and requests CVE.
