Samsung’s Exynos-powered Galaxy S26 and Galaxy S26 Plus have been rooted, with researchers saying they managed to launch Magisk on the phones and capture the process on video. The odd part is not that a flagship phone got broken into – that happens every year somewhere – but that it happened after Samsung removed bootloader unlocking in One UI 8, which was supposed to make this sort of tinkering much harder.
The reported break-in affects only the Exynos 2600 versions of the phones. The Galaxy S26 Ultra is outside the story because it uses Qualcomm’s Snapdragon 8 Elite Gen5 for Galaxy, which leaves Samsung with a familiar split-personality lineup: one track for power users, another for everyone else.
What DarkNavy says happened
According to DarkNavy, the vulnerability could be triggered through a regular app before Magisk was successfully started. That matters because it suggests the attack path is not some exotic lab-only stunt, even if the technical details are still under wraps. The group has not disclosed the flaw’s mechanism, the firmware version involved, or any steps that would help others repeat it.
Why this matters for Galaxy S26 Exynos buyers
Android Authority says this is the first known root access on Exynos-based Galaxy S26 models after Samsung tightened the bootloader door. That puts Samsung in a slightly embarrassing spot: the company can reduce official modification options, but it cannot make the device unmodifiable. Security researchers tend to treat those locked doors as a challenge, not a stop sign.
- Affected models: Galaxy S26 and Galaxy S26 Plus
- Chipset involved: Exynos 2600
- Unaffected model in this report: Galaxy S26 Ultra
- Tool used after access: Magisk
The unanswered question is whether this is a one-off proof of concept or the opening move in a broader chain of Exynos exploits. If the former, Samsung gets a public nuisance; if the latter, the company may need to patch quickly before modders and less friendly actors turn a demo into a playbook.