Skip to main content

MediaTek Chipset CVE-2026-20448

| EUVD-2026-26888 MEDIUM
Improper Handling of Insufficient Permissions or Privileges (CWE-280)
2026-05-04 MediaTek
Privilege Escalation
6.7
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Analysis Generated
May 04, 2026 - 14:22 vuln.today
CVSS changed
May 04, 2026 - 14:22 NVD
6.7 (None) 6.7 (MEDIUM)
EUVD ID Assigned
May 04, 2026 - 07:00 euvd
EUVD-2026-26888
Analysis Generated
May 04, 2026 - 07:00 vuln.today
CVE Published
May 04, 2026 - 05:41 nvd
MEDIUM 6.7

DescriptionNVD

In geniezone, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10708513; Issue ID: MSV-6281.

AnalysisAI

Local privilege escalation in MediaTek chipsets (MT6765, MT8893, MT8791T, and 19 others) due to missing permission checks in geniezone allows attackers with System privilege to escalate their access without user interaction. CVSS 6.7 reflects high confidentiality, integrity, and availability impact, but EPSS score of 0.02% (4th percentile) and SSVC 'none' exploitation status indicate this vulnerability has not been observed in active, widespread exploitation despite the low barrier to exploitation from privileged context.

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-20448 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy