CVE-2026-20431
Received Received - Intake
Logic Error in Modem Causes Remote Denial of Service

Publication date: 2026-04-07

Last updated on: 2026-04-10

Assigner: MediaTek, Inc.

Description
In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01106496; Issue ID: MSV-4467.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-07
Last Modified
2026-04-10
Generated
2026-06-16
AI Q&A
2026-04-07
EPSS Evaluated
2026-06-15
NVD
CVE-2026-20431
EUVD
EUVD-2026-19564
Affected Vendors & Products
Showing 19 associated CPEs
Vendor Product Version / Range
mediatek mt6813_firmware *
mediatek mt6815_firmware *
mediatek mt6835_firmware *
mediatek mt6878_firmware *
mediatek mt6897_firmware *
mediatek mt6899_firmware *
mediatek mt6986_firmware *
mediatek mt6991_firmware *
mediatek mt6993_firmware *
mediatek mt8668_firmware *
mediatek mt8676_firmware *
mediatek mt8678_firmware *
mediatek mt8755_firmware *
mediatek mt8775_firmware *
mediatek mt8792_firmware *
mediatek mt8793_firmware *
mediatek mt8863_firmware *
mediatek mt8873_firmware *
mediatek mt8883_firmware *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-770 The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability causes a possible system crash leading to remote denial of service without affecting confidentiality or integrity. There is no indication that personal data is compromised or exposed.

Since the vulnerability impacts availability only and does not involve data breach or unauthorized data access, its direct effect on compliance with standards like GDPR or HIPAA is limited.

However, denial of service could impact system availability requirements under these regulations, so organizations should consider mitigation to maintain compliance.

Mitigation Strategies

To mitigate this vulnerability, apply the patch identified as MOLY01106496 provided by the vendor.

Avoid connecting to rogue base stations as the vulnerability can be exploited remotely without user interaction.

Executive Summary

This vulnerability exists in a modem where a logic error can cause the system to crash. Specifically, if a user equipment (UE) connects to a rogue base station controlled by an attacker, the modem may experience a system crash leading to a denial of service. Exploitation does not require any additional execution privileges or user interaction.

Impact Analysis

The primary impact of this vulnerability is a remote denial of service condition. An attacker controlling a rogue base station can cause the modem to crash when a UE connects to it, potentially disrupting network connectivity and service availability without needing any user action or elevated privileges.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-20431. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart