CVE-2026-20449
Heap Buffer Overflow in Modem Leads to DoS
Publication date: 2026-05-04
Last updated on: 2026-05-07
Assigner: MediaTek, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mediatek | mt6763_firmware | * |
| mediatek | mt6765_firmware | * |
| mediatek | mt6767_firmware | * |
| mediatek | mt6768_firmware | * |
| mediatek | mt6769_firmware | * |
| mediatek | mt6771_firmware | * |
| mediatek | mt6779_firmware | * |
| mediatek | mt6781_firmware | * |
| mediatek | mt6783_firmware | * |
| mediatek | mt6785_firmware | * |
| mediatek | mt6789_firmware | * |
| mediatek | mt6813_firmware | * |
| mediatek | mt6815_firmware | * |
| mediatek | mt6833_firmware | * |
| mediatek | mt6835_firmware | * |
| mediatek | mt6853_firmware | * |
| mediatek | mt6855_firmware | * |
| mediatek | mt6858_firmware | * |
| mediatek | mt6873_firmware | * |
| mediatek | mt6875_firmware | * |
| mediatek | mt6877_firmware | * |
| mediatek | mt6878_firmware | * |
| mediatek | mt6879_firmware | * |
| mediatek | mt6880_firmware | * |
| mediatek | mt6883_firmware | * |
| mediatek | mt6885_firmware | * |
| mediatek | mt6886_firmware | * |
| mediatek | mt6889_firmware | * |
| mediatek | mt6890_firmware | * |
| mediatek | mt6891_firmware | * |
| mediatek | mt6893_firmware | * |
| mediatek | mt6895_firmware | * |
| mediatek | mt6896_firmware | * |
| mediatek | mt6897_firmware | * |
| mediatek | mt6899_firmware | * |
| mediatek | mt6980_firmware | * |
| mediatek | mt6983_firmware | * |
| mediatek | mt6985_firmware | * |
| mediatek | mt6986d_firmware | * |
| mediatek | mt6988_firmware | * |
| mediatek | mt2735_firmware | * |
| mediatek | mt2737_firmware | * |
| mediatek | mt6739_firmware | * |
| mediatek | mt6761_firmware | * |
| mediatek | mt6762_firmware | * |
| mediatek | mt6989_firmware | * |
| mediatek | mt6990_firmware | * |
| mediatek | mt6991_firmware | * |
| mediatek | mt6993_firmware | * |
| mediatek | mt8668_firmware | * |
| mediatek | mt8673_firmware | * |
| mediatek | mt8675_firmware | * |
| mediatek | mt8676_firmware | * |
| mediatek | mt8678_firmware | * |
| mediatek | mt8755_firmware | * |
| mediatek | mt8771_firmware | * |
| mediatek | mt8775_firmware | * |
| mediatek | mt8791_firmware | * |
| mediatek | mt8791t_firmware | * |
| mediatek | mt8792_firmware | * |
| mediatek | mt8793_firmware | * |
| mediatek | mt8795t_firmware | * |
| mediatek | mt8797_firmware | * |
| mediatek | mt8798_firmware | * |
| mediatek | mt8863_firmware | * |
| mediatek | mt8873_firmware | * |
| mediatek | mt8883_firmware | * |
| mediatek | mt8893_firmware | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-20449 is a high-severity vulnerability in the Modem subcomponent of multiple MediaTek chipsets. It is caused by a heap buffer overflow, which is a type of memory corruption where more data is written to a buffer than it can hold.
This overflow can cause the system to crash if a user equipment (UE) connects to a rogue base station controlled by an attacker. No user interaction or additional execution privileges are needed to exploit this vulnerability.
The vulnerability is classified under CWE-120, indicating it is a classic buffer overflow issue.
How can this vulnerability impact me? :
This vulnerability can lead to a remote denial of service (DoS) condition by causing the system to crash when a device connects to a malicious base station.
Since no user interaction or additional privileges are required, an attacker can exploit this remotely, potentially disrupting device availability and connectivity.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, apply the security patches provided by MediaTek to device OEMs. These patches address the heap buffer overflow in the Modem subcomponent and prevent potential system crashes caused by connections to rogue base stations.
Since the vulnerability does not require user interaction and can be exploited remotely, it is critical to update affected devices as soon as possible with the official patch identified as MOLY01760138.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There is no specific information provided about detection methods or commands to identify this vulnerability on a network or system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.