Local Denial of Service Vulnerability in MediaTek WLAN STA Driver
CVE-2026-20456

5.5MEDIUM

Key Information:

Vendor: MediaTek
Status: Mediatek Chipset
Vendor: CVE Published:; 1 June 2026

What is CVE-2026-20456?

The MediaTek WLAN STA driver is susceptible to a local denial of service vulnerability due to the absence of necessary bounds checks. This flaw may result in a system crash, requiring user execution privileges for exploitation. Notably, the vulnerability does not necessitate user interaction, allowing it to be exploited without any action from the end-user. It is essential for users to apply the patch WCNCR00480851 to mitigate this issue effectively.

Affected Version(s)

MediaTek chipset MT7902

MediaTek chipset MT7920

MediaTek chipset MT7921

References

https://corp.mediatek.com/product-security-bulletin/June-...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 1, 2026
Vulnerability Reserved
Nov 3, 2025

CVE-2026-20456 Data

JSON