CVE-2026-20432
Out-of-Bounds Write in Modem Enables Remote Privilege Escalation
Publication date: 2026-04-07
Last updated on: 2026-04-10
Assigner: MediaTek, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mediatek | mt2735_firmware | * |
| mediatek | mt2737_firmware | * |
| mediatek | mt6779_firmware | * |
| mediatek | mt6781_firmware | * |
| mediatek | mt6783_firmware | * |
| mediatek | mt8781_firmware | * |
| mediatek | mt8789_firmware | * |
| mediatek | mt8791_firmware | * |
| mediatek | mt8791t_firmware | * |
| mediatek | mt8792_firmware | * |
| mediatek | mt8793_firmware | * |
| mediatek | mt8795t_firmware | * |
| mediatek | mt8797_firmware | * |
| mediatek | mt8798_firmware | * |
| mediatek | mt8863_firmware | * |
| mediatek | mt8873_firmware | * |
| mediatek | mt8883_firmware | * |
| mediatek | mt8893_firmware | * |
| mediatek | mt6785_firmware | * |
| mediatek | mt6789_firmware | * |
| mediatek | mt6813_firmware | * |
| mediatek | mt6815_firmware | * |
| mediatek | mt6833_firmware | * |
| mediatek | mt6835_firmware | * |
| mediatek | mt6853_firmware | * |
| mediatek | mt6855_firmware | * |
| mediatek | mt6873_firmware | * |
| mediatek | mt6875_firmware | * |
| mediatek | mt6877_firmware | * |
| mediatek | mt6878_firmware | * |
| mediatek | mt6879_firmware | * |
| mediatek | mt6880_firmware | * |
| mediatek | mt6883_firmware | * |
| mediatek | mt6885_firmware | * |
| mediatek | mt6886_firmware | * |
| mediatek | mt6889_firmware | * |
| mediatek | mt6890_firmware | * |
| mediatek | mt6891_firmware | * |
| mediatek | mt6893_firmware | * |
| mediatek | mt6895_firmware | * |
| mediatek | mt6896_firmware | * |
| mediatek | mt6897_firmware | * |
| mediatek | mt6899_firmware | * |
| mediatek | mt6980_firmware | * |
| mediatek | mt6983_firmware | * |
| mediatek | mt6985_firmware | * |
| mediatek | mt6989_firmware | * |
| mediatek | mt6990_firmware | * |
| mediatek | mt6991_firmware | * |
| mediatek | mt6993_firmware | * |
| mediatek | mt8668_firmware | * |
| mediatek | mt8673_firmware | * |
| mediatek | mt8675_firmware | * |
| mediatek | mt8676_firmware | * |
| mediatek | mt8678_firmware | * |
| mediatek | mt8755_firmware | * |
| mediatek | mt8771_firmware | * |
| mediatek | mt8775_firmware | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There is no specific information provided about detection methods or commands to identify the CVE-2026-20432 vulnerability on your network or system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how the CVE-2026-20432 vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2026-20432 is a high-severity security vulnerability in the modem subcomponent of various MediaTek chipsets. It is an out-of-bounds write issue caused by a missing bounds check, which means the software may write data outside the intended memory area.
This flaw can be exploited remotely if a user equipment (UE) connects to a rogue base station controlled by an attacker. No additional execution privileges are needed to exploit this vulnerability, but user interaction is required.
How can this vulnerability impact me? :
The vulnerability can lead to remote escalation of privilege on affected devices. This means an attacker controlling a rogue base station could potentially gain higher-level access or control over the device without needing extra permissions.
Such an escalation could compromise the security and integrity of the device, potentially allowing unauthorized actions or access to sensitive information.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the CVE-2026-20432 vulnerability, you should apply the security patches provided by MediaTek as referenced in their April 7, 2026 Product Security Bulletin.
Device OEMs were notified at least two months prior to the public release, so ensure your device firmware or modem software is updated to the latest version containing the patch identified as MOLY01406170.
Since exploitation requires a UE to connect to a rogue base station and user interaction, avoid connecting to untrusted or unknown base stations as a precaution.