Out of Bounds Write Vulnerability in MediaTek Modem
CVE-2026-20432

Currently unrated

Key Information:

Vendor: MediaTek
Status: Mediatek Chipset
Vendor: CVE Published:; 7 April 2026

What is CVE-2026-20432?

In MediaTek's modem, a possible out of bounds write vulnerability exists due to insufficient bounds checking. This flaw could enable an attacker to escalate privileges remotely by exploiting a user equipment (UE) connected to a rogue base station they control. The exploitation requires user interaction, making awareness and caution essential for affected users. Patch ID: MOLY01406170; Issue ID: MSV-4461.

Affected Version(s)

MediaTek chipset MT2735

MediaTek chipset MT2737

MediaTek chipset MT6779

References

https://corp.mediatek.com/product-security-bulletin/April...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 7, 2026
Vulnerability Reserved
Nov 3, 2025

CVE-2026-20432 Data

JSON