Denial of Service Vulnerability in Modem by MediaTek
CVE-2026-20404

6.5MEDIUM

Key Information:

Vendor: MediaTek
Status: Mediatek Chipset
Vendor: CVE Published:; 2 February 2026

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2026-20404?

In MediaTek's modem, a security flaw exists due to insufficient input validation, which could allow attackers to induce a system crash. This vulnerability particularly arises when a User Equipment (UE) connects to a maliciously controlled rogue base station. Notably, the exploitation of this flaw does not require any user interaction nor elevated execution privileges, making it critical for users to ensure their devices are updated to versions that incorporate the necessary security patches.

Affected Version(s)

MediaTek chipset MT2735

MediaTek chipset MT2737

MediaTek chipset MT6813

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-20404-MediaTek-modem-remote-DoS-rogue-base-station-scenario-
Created by George0Papasotiriou

References

https://corp.mediatek.com/product-security-bulletin/Febru...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Feb 10, 2026
👾
Exploit known to exist
Feb 10, 2026
Vulnerability published
Feb 2, 2026
Vulnerability Reserved
Nov 3, 2025

CVE-2026-20404 Data

JSON