CVE-2026-20452
Received Received - Intake
Memory Corruption in WLAN AP Driver via Heap Overflow

Publication date: 2026-06-01

Last updated on: 2026-06-01

Assigner: MediaTek, Inc.

Description
In wlan AP driver, there is a possible memory corruption due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00480138; Issue ID: MSV-6295.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-01
Last Modified
2026-06-01
Generated
2026-06-01
AI Q&A
2026-06-01
EPSS Evaluated
N/A
NVD
CVE-2026-20452
EUVD
EUVD-2026-33541
Affected Vendors & Products
Showing 9 associated CPEs
Vendor Product Version / Range
mediatek mt6890 *
mediatek mt7615 *
mediatek mt7915 *
mediatek mt7916 *
mediatek mt7981 *
mediatek mt7986 *
mediatek mt7990 *
mediatek mt7992 *
mediatek mt7993 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-20452 is a high-severity vulnerability found in the wlan AP driver of multiple MediaTek chipsets. It involves a heap buffer overflow that can cause memory corruption. This flaw could allow an attacker to execute code remotely if they are proximal or adjacent to the device, requiring only user execution privileges and no user interaction.


How can this vulnerability impact me? :

This vulnerability can lead to remote code execution on affected devices, potentially allowing an attacker nearby to run malicious code with user-level privileges. This could compromise the security and integrity of the device, leading to unauthorized access or control.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, apply the security patches provided by MediaTek for the affected chipsets, including MT6890, MT7615, MT7915, MT7916, MT7981, MT7986, MT7990, MT7992, and MT7993.

Device OEMs were notified and provided with patches at least two months before public disclosure, so ensure your devices are updated with the latest firmware or driver versions that include these patches.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart