CVE-2026-20452
Analyzed Analyzed - Analysis Complete

Memory Corruption in WLAN AP Driver via Heap Overflow

Vulnerability report for CVE-2026-20452, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-01

Last updated on: 2026-06-01

Assigner: MediaTek, Inc.

Description

In wlan AP driver, there is a possible memory corruption due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00480138; Issue ID: MSV-6295.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-01
Last Modified
2026-06-01
Generated
2026-07-11
AI Q&A
2026-06-01
EPSS Evaluated
2026-07-10
NVD
EUVD

Affected Vendors & Products

Showing 9 associated CPEs
Vendor Product Version / Range
mediatek mt6890_firmware *
mediatek mt7615_firmware *
mediatek mt7915_firmware *
mediatek mt7916_firmware *
mediatek mt7981_firmware *
mediatek mt7986_firmware *
mediatek mt7990_firmware *
mediatek mt7992_firmware *
mediatek mt7993_firmware *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-20452 is a high-severity vulnerability found in the wlan AP driver of multiple MediaTek chipsets. It involves a heap buffer overflow that can cause memory corruption. This flaw could allow an attacker to execute code remotely if they are proximal or adjacent to the device, requiring only user execution privileges and no user interaction.

Impact Analysis

This vulnerability can lead to remote code execution on affected devices, potentially allowing an attacker nearby to run malicious code with user-level privileges. This could compromise the security and integrity of the device, leading to unauthorized access or control.

Mitigation Strategies

To mitigate this vulnerability, apply the security patches provided by MediaTek for the affected chipsets, including MT6890, MT7615, MT7915, MT7916, MT7981, MT7986, MT7990, MT7992, and MT7993.

Device OEMs were notified and provided with patches at least two months before public disclosure, so ensure your devices are updated with the latest firmware or driver versions that include these patches.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-20452. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart