Out of Bounds Write Vulnerability in Mediatek Modem
CVE-2026-20433

8.8HIGH

Key Information:

Vendor: MediaTek
Status: Mediatek Chipset
Vendor: CVE Published:; 7 April 2026

What is CVE-2026-20433?

A vulnerability has been identified in Mediatek's Modem, attributed to a missing bounds check that permits an out of bounds write. This flaw potentially allows remote escalation of privilege when a user device connects to a rogue base station controlled by an attacker. Although user interaction is necessary for exploitation, it poses significant security risks if unaddressed. A patch has been issued to mitigate this issue (Patch ID: MOLY01088681; Issue ID: MSV-4460).

Affected Version(s)

MediaTek chipset MT2735

MediaTek chipset MT2737

MediaTek chipset MT6813

References

https://corp.mediatek.com/product-security-bulletin/April...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 7, 2026
Vulnerability Reserved
Nov 3, 2025

CVE-2026-20433 Data

JSON