In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01406170; Issue ID: MSV-4461.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00054.

Exploitation none

Automatable no

Technical Impact total

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
MediaTek, Inc. MediaTek chipset unaffected
Version Status Constraints
MT2735 affected
MT2737 affected
MT6779 affected
MT6781 affected
MT6783 affected
MT6785 affected
MT6789 affected
MT6813 affected
MT6815 affected
MT6833 affected
MT6835 affected
MT6853 affected
MT6855 affected
MT6873 affected
MT6875 affected
MT6877 affected
MT6878 affected
MT6879 affected
MT6880 affected
MT6883 affected
MT6885 affected
MT6886 affected
MT6889 affected
MT6890 affected
MT6891 affected
MT6893 affected
MT6895 affected
MT6896 affected
MT6897 affected
MT6899 affected
MT6980 affected
MT6983 affected
MT6985 affected
MT6989 affected
MT6990 affected
MT6991 affected
MT6993 affected
MT8668 affected
MT8673 affected
MT8675 affected
MT8676 affected
MT8678 affected
MT8755 affected
MT8771 affected
MT8775 affected
MT8781 affected
MT8789 affected
MT8791 affected
MT8791T affected
MT8792 affected
MT8793 affected
MT8795T affected
MT8797 affected
MT8798 affected
MT8863 affected
MT8873 affected
MT8883 affected
MT8893 affected

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors Products
Mediatek, Inc. Subscribe
Mediatek Chipset Subscribe

Project Subscriptions

Vendors Products
Mediatek, Inc. Subscribe
Mediatek Chipset Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://corp.mediatek.com/product-security-bulletin/April-2026 cve-icon cve-icon
History

Wed, 08 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Title Modem Out‐of‑Bounds Write Leading to Remote Privilege Escalation

Tue, 07 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 07 Apr 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Mediatek, Inc.
Mediatek, Inc. mediatek Chipset
Vendors & Products Mediatek, Inc.
Mediatek, Inc. mediatek Chipset

Tue, 07 Apr 2026 07:15:00 +0000

Type Values Removed Values Added
Description In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01406170; Issue ID: MSV-4461.
Weaknesses CWE-787
References

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: MediaTek

Published:

Updated: 2026-04-08T03:55:25.369Z

Reserved: 2025-11-03T01:30:59.011Z

Link: CVE-2026-20432

cve-icon Vulnrichment

Updated: 2026-04-07T12:59:49.248Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-04-07T04:17:12.413

Modified: 2026-04-07T14:16:19.247

Link: CVE-2026-20432

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T19:50:11Z

Weaknesses