Out of Bounds Write Vulnerability in MAE by MediaTek
CVE-2026-20438

6.4MEDIUM

Key Information:

Vendor

MediaTek
Status
Mt2718, Mt6899, Mt6991, Mt8168, Mt8169, Mt8186, Mt8188, Mt8678, Mt8695, Mt8696, Mt8793
Vendor
CVE Published:
2 March 2026

What is CVE-2026-20438?

A vulnerability exists in MediaTek's MAE that could allow a local escalation of privilege via an out of bounds write due to a race condition. This issue can be exploited by an attacker who already has system privileges, allowing for further unauthorized access to the system. Notably, user interaction is not required for exploiting this vulnerability. The potential implications make it critical for users to be aware and apply necessary patches.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

MT2718, MT6899, MT6991, MT8168, MT8169, MT8186, MT8188, MT8678, MT8695, MT8696, MT8793 Android 15.0

References

https://corp.mediatek.com/product-security-bulletin/March...

CVSS V3.1

Score:
6.4
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.