Skip to main content

MediaTek Modem CVE-2026-20463

| EUVDEUVD-2026-40876 MEDIUM
Improper Handling of Insufficient Permissions or Privileges (CWE-280)
2026-07-01 MediaTek GHSA-hq5v-pc42-8w5f
6.7
CVSS 3.1 · Vendor: MediaTek
Share

Severity by source

Vendor (MediaTek) PRIMARY
6.7 MEDIUM
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
6.7 MEDIUM

Local-only vector (AV:L) with high privilege prerequisite (PR:H) matches the System-level access requirement; full C/I/A impact reflects post-escalation control.

3.1 AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (MediaTek).

CVSS VectorVendor: MediaTek

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Jul 01, 2026 - 11:26 vuln.today
CVSS changed
Jul 01, 2026 - 11:22 NVD
6.7 (MEDIUM)
CVE Published
Jul 01, 2026 - 03:14 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

In Modem, there is a possible escalation of privilege due to a permissions bypass. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: MOLY01716533; Issue ID: MSV-6309.

AnalysisAI

Local privilege escalation in the Modem component across 80+ MediaTek chipsets allows an attacker already holding System-level access to bypass permission enforcement (CWE-280) and escalate further within the device. The vulnerability is confirmed by MediaTek in their July 2026 Product Security Bulletin (Patch ID: MOLY01716533, Issue ID: MSV-6309) and affects a broad swath of chipsets spanning low-end to flagship tiers. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain System privilege via separate exploit
Delivery
Target MediaTek Modem component locally
Exploit
Trigger permissions bypass (CWE-280)
Execution
Escalate to higher privileged context
Impact
Achieve full device confidentiality, integrity, and availability compromise

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to have already obtained System-level privilege on the target Android device running an affected MediaTek chipset - this is explicitly stated in the CVE description and confirmed by the PR:H metric in the CVSS vector (AV:L/AC:L/PR:H/UI:N). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 base score of 6.7 (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) accurately characterizes the key limiting factor: an attacker must already possess System-level privilege on the target device before this vulnerability is exploitable. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has already gained System-level code execution on a MediaTek-based Android device - for example, by chaining an application-layer vulnerability with a kernel privilege escalation - targets the Modem component using this permissions bypass to escalate beyond System to a higher-privileged context such as the baseband or trusted execution environment. No user interaction is required once System access is established. …
Remediation MediaTek has released a patch identified as Patch ID MOLY01716533, disclosed in the July 2026 MediaTek Product Security Bulletin at https://corp.mediatek.com/product-security-bulletin/July-2026. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-20433 HIGH
8.8 Apr 07

Out-of-bounds write in MediaTek modem firmware enables remote privilege escalation when devices connect to attacker-cont

CVE-2026-20432 HIGH
8.0 Apr 07

Out-of-bounds write in MediaTek modem chipset implementations allows remote privilege escalation when user equipment con

CVE-2026-20452 HIGH
8.0 Jun 01

Heap buffer overflow in the MediaTek WLAN access point driver allows adjacent-network attackers with low-privilege user

CVE-2026-20455 HIGH
7.8 Jun 01

Local privilege escalation in MediaTek GenieZone (trusted execution environment) allows an attacker who has already gain

CVE-2026-20458 HIGH
7.5 Jul 01

Remote privilege escalation in the baseband modem firmware of dozens of MediaTek chipsets allows an attacker operating a

CVE-2026-20462 MEDIUM
6.7 Jul 01

Heap buffer overflow in the Telephony subsystem of MediaTek chipsets enables local privilege escalation on affected Andr

CVE-2026-20453 MEDIUM
6.7 Jun 01

Local privilege escalation in MediaTek's geniezone hypervisor component affects 36 distinct chipsets spanning budget to

CVE-2026-20451 MEDIUM
6.7 May 04

Out-of-bounds write in MediaTek's slbc (secure local buffer component) due to type confusion allows local privilege esca

CVE-2026-20447 MEDIUM
6.7 May 04

Local privilege escalation in MediaTek geniezone component due to missing bounds check allows System-privileged actors t

CVE-2026-20448 MEDIUM
6.7 May 04

Local privilege escalation in MediaTek chipsets (MT6765, MT8893, MT8791T, and 19 others) due to missing permission check

CVE-2026-20450 MEDIUM
6.5 May 04

Remote denial of service in MediaTek modem firmware across 47+ chipset variants allows attackers to crash the modem via

CVE-2026-20431 MEDIUM
6.5 Apr 07

Remote denial of service in MediaTek modem chipsets allows unauthenticated attackers to crash the system via a logic err

Share

CVE-2026-20463 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy