Out of Bounds Write Vulnerability in Mediatek Sec Boot
CVE-2026-20446

4.3MEDIUM

Key Information:

Vendor: MediaTek
Status: Mediatek Chipset
Vendor: CVE Published:; 7 April 2026

What is CVE-2026-20446?

The vulnerability in Mediatek's sec boot involves a possible out of bounds write caused by an integer overflow during the boot process. If an attacker gains physical access to the device, they can exploit this vulnerability to cause a local denial of service. User execution privileges are required for exploitation, meaning that no additional user interaction is necessary for the attack to be carried out. For more details, refer to the Mediatek product security bulletin.

Affected Version(s)

MediaTek chipset MT6813

References

https://corp.mediatek.com/product-security-bulletin/April...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 7, 2026
Vulnerability Reserved
Nov 3, 2025

CVE-2026-20446 Data

JSON