Out of Bounds Write in GenieZone by MediaTek Leads to Local Privilege Escalation
CVE-2026-20454

6.4MEDIUM

Key Information:

Vendor: MediaTek
Status: Mediatek Chipset
Vendor: CVE Published:; 1 June 2026

What is CVE-2026-20454?

The GenieZone product by MediaTek contains a vulnerability that may allow an attacker to exploit a race condition, resulting in an out of bounds write. If a malicious actor has already gained system privileges, this flaw can enable them to escalate their privileges locally without the need for any user interaction. It is crucial for users and administrators to apply the necessary patches provided by MediaTek to mitigate this risk.

Affected Version(s)

MediaTek chipset MT6739

MediaTek chipset MT6761

MediaTek chipset MT6765

References

https://corp.mediatek.com/product-security-bulletin/June-...

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 1, 2026
Vulnerability Reserved
Nov 3, 2025

CVE-2026-20454 Data

JSON