Skip to main content

MediaTek Modem EUVDEUVD-2026-26889

| CVE-2026-20449 MEDIUM
Classic Buffer Overflow (CWE-120)
2026-05-04 MediaTek
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
May 04, 2026 - 14:22 vuln.today
CVSS changed
May 04, 2026 - 14:22 NVD
6.5 (None) 6.5 (MEDIUM)
EUVD ID Assigned
May 04, 2026 - 07:00 euvd
EUVD-2026-26889
Analysis Generated
May 04, 2026 - 07:00 vuln.today
CVE Published
May 04, 2026 - 05:41 nvd
MEDIUM 6.5

DescriptionCVE.org

In Modem, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01760138; Issue ID: MSV-6148.

AnalysisAI

Heap buffer overflow in MediaTek modem firmware allows remote denial of service when a device connects to an attacker-controlled base station. The vulnerability affects a wide range of MediaTek chipsets and can crash the modem without requiring user interaction or special privileges. No public exploit code has been identified, and CISA has not listed this in the Known Exploited Vulnerabilities catalog, though the low EPSS score (0.07%) suggests limited real-world exploitation likelihood despite the attack vector requiring only adjacent network access.

Technical ContextAI

The vulnerability resides in the modem subsystem of MediaTek-based mobile devices, which handles cellular communications including baseband processing and connection management to cellular base stations. The heap buffer overflow (CWE-120) occurs during modem operations, likely in protocol parsing or signal handling during base station connection establishment. The adjacent network attack vector (AV:A) indicates the attacker must be positioned as an intermediary (rogue base station) within radio range to send specially crafted wireless signals that trigger the overflow. This affects baseband firmware across multiple MediaTek chipset generations (MT6xxx, MT8xxx, MT2xxx families), which are widely used in mid-range and budget Android devices, IoT modems, and feature phones.

RemediationAI

Apply the MediaTek security patch identified as MOLY01760138 (Issue ID: MSV-6148) to affected modem firmware. Device manufacturers (OEMs) must incorporate this patch into their device firmware releases and push updates through official update mechanisms. End users should install all available system and security updates from their device manufacturer when released, as OEMs will integrate MediaTek's modem patch into their builds. Interim mitigations for high-risk environments include: disable cellular connectivity when not required (trade-off: loss of mobile connectivity); physically distance devices from untrusted networks or locations where rogue base stations might be deployed (trade-off: limits mobility); restrict device usage to trusted carrier networks only by disabling roaming to unknown networks via device settings (trade-off: limited roaming capability). However, these mitigations only reduce exposure and do not eliminate the vulnerability - patching remains the primary remediation. Consult MediaTek Product Security Bulletin (May 2026) and your device manufacturer's advisory for patch availability timelines.

CVE-2026-20433 HIGH
8.8 Apr 07

Out-of-bounds write in MediaTek modem firmware enables remote privilege escalation when devices connect to attacker-cont

CVE-2026-20432 HIGH
8.0 Apr 07

Out-of-bounds write in MediaTek modem chipset implementations allows remote privilege escalation when user equipment con

CVE-2026-20452 HIGH
8.0 Jun 01

Heap buffer overflow in the MediaTek WLAN access point driver allows adjacent-network attackers with low-privilege user

CVE-2026-20455 HIGH
7.8 Jun 01

Local privilege escalation in MediaTek GenieZone (trusted execution environment) allows an attacker who has already gain

CVE-2026-20458 HIGH
7.5 Jul 01

Remote privilege escalation in the baseband modem firmware of dozens of MediaTek chipsets allows an attacker operating a

CVE-2026-20462 MEDIUM
6.7 Jul 01

Heap buffer overflow in the Telephony subsystem of MediaTek chipsets enables local privilege escalation on affected Andr

CVE-2026-20463 MEDIUM
6.7 Jul 01

Local privilege escalation in the Modem component across 80+ MediaTek chipsets allows an attacker already holding System

CVE-2026-20453 MEDIUM
6.7 Jun 01

Local privilege escalation in MediaTek's geniezone hypervisor component affects 36 distinct chipsets spanning budget to

CVE-2026-20451 MEDIUM
6.7 May 04

Out-of-bounds write in MediaTek's slbc (secure local buffer component) due to type confusion allows local privilege esca

CVE-2026-20447 MEDIUM
6.7 May 04

Local privilege escalation in MediaTek geniezone component due to missing bounds check allows System-privileged actors t

CVE-2026-20448 MEDIUM
6.7 May 04

Local privilege escalation in MediaTek chipsets (MT6765, MT8893, MT8791T, and 19 others) due to missing permission check

CVE-2026-20450 MEDIUM
6.5 May 04

Remote denial of service in MediaTek modem firmware across 47+ chipset variants allows attackers to crash the modem via

Share

EUVD-2026-26889 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy