Out of Bounds Write Vulnerability in MediaTek Camera ISP
CVE-2026-20412

7.8HIGH

Key Information:

Vendor

MediaTek
Status
Mt6878, Mt6879, Mt6881, Mt6886, Mt6895, Mt6897, Mt6899, Mt6983, Mt6985, Mt6989, Mt6991, Mt6993, Mt8168, Mt8188, Mt8195, Mt8365, Mt8390, Mt8395, Mt8666, Mt8667, Mt8673, Mt8676, Mt8696, Mt8793
Vendor
CVE Published:
2 February 2026

What is CVE-2026-20412?

In the MediaTek Camera ISP, a vulnerability has been identified that allows an out of bounds write due to insufficient bounds checks. This issue poses a risk of local privilege escalation, provided that an attacker has already gained system privileges. The vulnerability is exploitable without requiring user interaction, making it particularly concerning. A patch has been issued to address this issue and enhance system security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

MT6878, MT6879, MT6881, MT6886, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT6993, MT8168, MT8188, MT8195, MT8365, MT8390, MT8395, MT8666, MT8667, MT8673, MT8676, MT8696, MT8793 Android 13.0, 14.0, 15.0, 16.0

References

https://corp.mediatek.com/product-security-bulletin/Febru...

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.