CVE-2026-20451
Analyzed Analyzed - Analysis Complete
Out of Bounds Write in slbc Local Privilege Escalation

Publication date: 2026-05-04

Last updated on: 2026-05-07

Assigner: MediaTek, Inc.

Description
In slbc, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10828685; Issue ID: MSV-6504.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-04
Last Modified
2026-05-07
Generated
2026-06-16
AI Q&A
2026-05-04
EPSS Evaluated
2026-06-15
NVD
CVE-2026-20451
EUVD
EUVD-2026-26891
Affected Vendors & Products
Showing 32 associated CPEs
Vendor Product Version / Range
mediatek mt8115_firmware *
mediatek mt8186_firmware *
mediatek mt8188_firmware *
mediatek mt8196_firmware *
mediatek mt8365_firmware *
mediatek mt8367_firmware *
mediatek mt8370_firmware *
mediatek mt8371_firmware *
mediatek mt8390_firmware *
mediatek mt8391_firmware *
mediatek mt8395_firmware *
mediatek mt8676_firmware *
mediatek mt8678_firmware *
mediatek mt8766_firmware *
mediatek mt8768_firmware *
mediatek mt8775_firmware *
mediatek mt8781_firmware *
mediatek mt8786_firmware *
mediatek mt8788e_firmware *
mediatek mt8791t_firmware *
mediatek mt8792_firmware *
mediatek mt8793_firmware *
mediatek mt8796_firmware *
mediatek mt8873_firmware *
mediatek mt8883_firmware *
mediatek mt8893_firmware *
mediatek mt8910_firmware *
mediatek mt2718_firmware *
mediatek mt6899_firmware *
mediatek mt6985_firmware *
mediatek mt6989_firmware *
mediatek mt6991_firmware *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-843 The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Mediatek slbc component and is caused by a possible out of bounds write due to type confusion.

Type confusion occurs when a program mistakenly treats a piece of memory as a different type than it actually is, which can lead to unexpected behavior such as writing data outside the intended memory boundaries.

Exploiting this vulnerability could allow a malicious actor who already has System privilege to escalate their privileges locally without requiring any user interaction.

Impact Analysis

If exploited, this vulnerability could lead to local escalation of privilege, meaning an attacker with existing System privileges could gain higher or unauthorized privileges on the affected system.

This could allow the attacker to perform actions that are normally restricted, potentially compromising system integrity and security.

Compliance Impact

The provided information does not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Mitigation Strategies

To mitigate this vulnerability, apply the security patch identified as ALPS10828685 provided by MediaTek.

Since the vulnerability allows local escalation of privilege without user interaction, ensuring that your system is updated with the latest patches is critical.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-20451. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart