CVE-2026-20433
Received Received - Intake
Out-of-Bounds Write in Modem Enables Remote Privilege Escalation

Publication date: 2026-04-07

Last updated on: 2026-04-10

Assigner: MediaTek, Inc.

Description
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01088681; Issue ID: MSV-4460.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-07
Last Modified
2026-04-10
Generated
2026-06-16
AI Q&A
2026-04-07
EPSS Evaluated
2026-06-15
NVD
CVE-2026-20433
EUVD
EUVD-2026-19568
Affected Vendors & Products
Showing 62 associated CPEs
Vendor Product Version / Range
mediatek mt2735_firmware *
mediatek mt2737_firmware *
mediatek mt6813_firmware *
mediatek mt6833_firmware *
mediatek mt6833p_firmware *
mediatek mt6835_firmware *
mediatek mt6835t_firmware *
mediatek mt6853_firmware *
mediatek mt6853t_firmware *
mediatek mt6855_firmware *
mediatek mt6855t_firmware *
mediatek mt6873_firmware *
mediatek mt6875_firmware *
mediatek mt6875t_firmware *
mediatek mt6877_firmware *
mediatek mt6877t_firmware *
mediatek mt6877tt_firmware *
mediatek mt6878_firmware *
mediatek mt6878m_firmware *
mediatek mt6879_firmware *
mediatek mt6880_firmware *
mediatek mt6883_firmware *
mediatek mt6885_firmware *
mediatek mt6886_firmware *
mediatek mt6889_firmware *
mediatek mt6890_firmware *
mediatek mt6891_firmware *
mediatek mt6893_firmware *
mediatek mt6895_firmware *
mediatek mt6895tt_firmware *
mediatek mt6896_firmware *
mediatek mt6897_firmware *
mediatek mt6899_firmware *
mediatek mt6980_firmware *
mediatek mt6980d_firmware *
mediatek mt6983_firmware *
mediatek mt6983t_firmware *
mediatek mt6985_firmware *
mediatek mt6985t_firmware *
mediatek mt6989_firmware *
mediatek mt6989t_firmware *
mediatek mt6990_firmware *
mediatek mt6991_firmware *
mediatek mt8668_firmware *
mediatek mt8673_firmware *
mediatek mt8675_firmware *
mediatek mt8676_firmware *
mediatek mt8678_firmware *
mediatek mt8755_firmware *
mediatek mt8771_firmware *
mediatek mt8775_firmware *
mediatek mt8791_firmware *
mediatek mt8791t_firmware *
mediatek mt8792_firmware *
mediatek mt8793_firmware *
mediatek mt8795t_firmware *
mediatek mt8797_firmware *
mediatek mt8798_firmware *
mediatek mt8863_firmware *
mediatek mt8873_firmware *
mediatek mt8883_firmware *
mediatek mt8893_firmware *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the modem component where there is a possible out of bounds write caused by a missing bounds check.

An attacker controlling a rogue base station can exploit this vulnerability if a user equipment (UE) connects to it.

Exploitation requires user interaction but does not require any additional execution privileges.

Impact Analysis

The vulnerability can lead to remote escalation of privilege on the affected modem.

This means an attacker could gain higher-level access remotely by tricking a device into connecting to a malicious base station.

Mitigation Strategies

To mitigate this vulnerability, apply the patch identified as MOLY01088681 provided by the vendor.

Avoid connecting to untrusted or rogue base stations to reduce the risk of exploitation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-20433. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart