CVE-2026-20418
BaseFortify
Publication date: 2026-02-02
Last updated on: 2026-02-03
Assigner: MediaTek, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| matter | to 1.4 (inc) | |
| mediatek | mt7931 | * |
| mediatek | mt7933 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an out of bounds write in Thread caused by a missing bounds check. It allows an attacker to write data outside the intended memory boundaries, potentially leading to remote escalation of privilege without needing additional execution privileges or user interaction.
How can this vulnerability impact me? :
The vulnerability can allow a remote attacker to escalate their privileges on the affected system without requiring user interaction or additional execution privileges, potentially compromising system security and control.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch identified as WCNCR00465153 to fix the out of bounds write vulnerability in Thread. Since no user interaction is needed for exploitation, updating the affected software as soon as possible is recommended to prevent remote escalation of privilege.