Heap Buffer Overflow Vulnerability in Mediatek Modem
CVE-2026-20449

Currently unrated

Key Information:

Vendor: MediaTek
Status: Mediatek Chipset
Vendor: CVE Published:; 4 May 2026

What is CVE-2026-20449?

A vulnerability in Mediatek Modem allows attackers to exploit a heap buffer overflow, potentially leading to a system crash. This can occur when a user equipment (UE) connects to a compromised base station controlled by an attacker. Notably, the exploit does not require user interaction or additional execution privileges, making it particularly concerning for device security. Affected systems may face remote denial of service, which necessitates immediate attention to ensure protection from unauthorized access and potential disruptions.

Affected Version(s)

MediaTek chipset MT2735

MediaTek chipset MT2737

MediaTek chipset MT6739

References

https://corp.mediatek.com/product-security-bulletin/May-2026

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 4, 2026
Vulnerability Reserved
Nov 3, 2025

CVE-2026-20449 Data

JSON