Matter
CVE-2026-20418
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
In Thread, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00465153; Issue ID: MSV-4927.
AnalysisAI
Remote privilege escalation in Android Thread networking protocol implementation via out-of-bounds write. No additional execution privileges needed.
Technical ContextAI
CWE-787 OOB write in Thread networking stack. Remote exploitation without authentication or privileges.
RemediationAI
Apply Android security update.
An issue in the Certificate Authenticated Session Establishment (CASE) protocol for establishing secure sessions between
An implementation issue in the Connectivity Standards Alliance Matter 1.2 protocol as used in the connectedhomeip SDK al
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today