CVE-2026-20449
Analyzed Analyzed - Analysis Complete
Heap Buffer Overflow in Modem Leads to DoS

Publication date: 2026-05-04

Last updated on: 2026-05-07

Assigner: MediaTek, Inc.

Description
In Modem, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01760138; Issue ID: MSV-6148.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-04
Last Modified
2026-05-07
Generated
2026-06-16
AI Q&A
2026-05-04
EPSS Evaluated
2026-06-15
NVD
CVE-2026-20449
EUVD
EUVD-2026-26889
Affected Vendors & Products
Showing 68 associated CPEs
Vendor Product Version / Range
mediatek mt6763_firmware *
mediatek mt6765_firmware *
mediatek mt6767_firmware *
mediatek mt6768_firmware *
mediatek mt6769_firmware *
mediatek mt6771_firmware *
mediatek mt6779_firmware *
mediatek mt6781_firmware *
mediatek mt6783_firmware *
mediatek mt6785_firmware *
mediatek mt6789_firmware *
mediatek mt6813_firmware *
mediatek mt6815_firmware *
mediatek mt6833_firmware *
mediatek mt6835_firmware *
mediatek mt6853_firmware *
mediatek mt6855_firmware *
mediatek mt6858_firmware *
mediatek mt6873_firmware *
mediatek mt6875_firmware *
mediatek mt6877_firmware *
mediatek mt6878_firmware *
mediatek mt6879_firmware *
mediatek mt6880_firmware *
mediatek mt6883_firmware *
mediatek mt6885_firmware *
mediatek mt6886_firmware *
mediatek mt6889_firmware *
mediatek mt6890_firmware *
mediatek mt6891_firmware *
mediatek mt6893_firmware *
mediatek mt6895_firmware *
mediatek mt6896_firmware *
mediatek mt6897_firmware *
mediatek mt6899_firmware *
mediatek mt6980_firmware *
mediatek mt6983_firmware *
mediatek mt6985_firmware *
mediatek mt6986d_firmware *
mediatek mt6988_firmware *
mediatek mt2735_firmware *
mediatek mt2737_firmware *
mediatek mt6739_firmware *
mediatek mt6761_firmware *
mediatek mt6762_firmware *
mediatek mt6989_firmware *
mediatek mt6990_firmware *
mediatek mt6991_firmware *
mediatek mt6993_firmware *
mediatek mt8668_firmware *
mediatek mt8673_firmware *
mediatek mt8675_firmware *
mediatek mt8676_firmware *
mediatek mt8678_firmware *
mediatek mt8755_firmware *
mediatek mt8771_firmware *
mediatek mt8775_firmware *
mediatek mt8791_firmware *
mediatek mt8791t_firmware *
mediatek mt8792_firmware *
mediatek mt8793_firmware *
mediatek mt8795t_firmware *
mediatek mt8797_firmware *
mediatek mt8798_firmware *
mediatek mt8863_firmware *
mediatek mt8873_firmware *
mediatek mt8883_firmware *
mediatek mt8893_firmware *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-20449 is a high-severity vulnerability in the Modem subcomponent of multiple MediaTek chipsets. It is caused by a heap buffer overflow, which is a type of memory corruption where more data is written to a buffer than it can hold.

This overflow can cause the system to crash if a user equipment (UE) connects to a rogue base station controlled by an attacker. No user interaction or additional execution privileges are needed to exploit this vulnerability.

The vulnerability is classified under CWE-120, indicating it is a classic buffer overflow issue.

Impact Analysis

This vulnerability can lead to a remote denial of service (DoS) condition by causing the system to crash when a device connects to a malicious base station.

Since no user interaction or additional privileges are required, an attacker can exploit this remotely, potentially disrupting device availability and connectivity.

Mitigation Strategies

To mitigate this vulnerability, apply the security patches provided by MediaTek to device OEMs. These patches address the heap buffer overflow in the Modem subcomponent and prevent potential system crashes caused by connections to rogue base stations.

Since the vulnerability does not require user interaction and can be exploited remotely, it is critical to update affected devices as soon as possible with the official patch identified as MOLY01760138.

Detection Guidance

There is no specific information provided about detection methods or commands to identify this vulnerability on a network or system.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-20449. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart