Heap Buffer Overflow in Mediatek WLAN Products
CVE-2026-20408

8.8HIGH

Key Information:

Vendor: MediaTek
Status: Mediatek Chipset
Vendor: CVE Published:; 2 February 2026

What is CVE-2026-20408?

A heap buffer overflow vulnerability exists in Mediatek's WLAN products, which can potentially allow an attacker to escalate privileges without requiring any user interaction. This flaw enables remote access to affected systems, posing significant security risks if left unchecked. Affected products may require immediate updates to mitigate exploitation risks.

Affected Version(s)

MediaTek chipset MT6890

MediaTek chipset MT7615

MediaTek chipset MT7915

References

https://corp.mediatek.com/product-security-bulletin/Febru...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 2, 2026
Vulnerability Reserved
Nov 3, 2025

CVE-2026-20408 Data

JSON