CVSS: 6.7EPSS: 0%CPEs: 64EXPL: 0CVE-2026-20451
https://notcve.org/view.php?id=CVE-2026-20451
04 May 2026 — In slbc, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10828685; Issue ID: MSV-6504. • https://corp.mediatek.com/product-security-bulletin/May-2026 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 6.7EPSS: 0%CPEs: 44EXPL: 0CVE-2026-20448
https://notcve.org/view.php?id=CVE-2026-20448
04 May 2026 — In geniezone, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10708513; Issue ID: MSV-6281. • https://corp.mediatek.com/product-security-bulletin/May-2026 • CWE-280: Improper Handling of Insufficient Permissions or Privileges •
CVSS: 6.7EPSS: 0%CPEs: 34EXPL: 0CVE-2026-20447
https://notcve.org/view.php?id=CVE-2026-20447
04 May 2026 — In geniezone, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10724073; Issue ID: MSV-6296. • https://corp.mediatek.com/product-security-bulletin/May-2026 • CWE-125: Out-of-bounds Read •
CVSS: 6.7EPSS: 0%CPEs: 49EXPL: 0CVE-2026-20444
https://notcve.org/view.php?id=CVE-2026-20444
02 Mar 2026 — In display, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10436995; Issue ID: MSV-5721. • https://corp.mediatek.com/product-security-bulletin/March-2026 • CWE-787: Out-of-bounds Write •
CVSS: 6.7EPSS: 0%CPEs: 49EXPL: 0CVE-2026-20443
https://notcve.org/view.php?id=CVE-2026-20443
02 Mar 2026 — In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10436998; Issue ID: MSV-5722. • https://corp.mediatek.com/product-security-bulletin/March-2026 • CWE-416: Use After Free •
CVSS: 4.4EPSS: 0%CPEs: 49EXPL: 0CVE-2026-20442
https://notcve.org/view.php?id=CVE-2026-20442
02 Mar 2026 — In display, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10436998; Issue ID: MSV-5723. • https://corp.mediatek.com/product-security-bulletin/March-2026 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 99EXPL: 0CVE-2026-20434
https://notcve.org/view.php?id=CVE-2026-20434
02 Mar 2026 — In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY00782946; Issue ID: MSV-4135. • https://corp.mediatek.com/product-security-bulletin/March-2026 • CWE-787: Out-of-bounds Write •
CVSS: 6.7EPSS: 0%CPEs: 48EXPL: 0CVE-2025-20786
https://notcve.org/view.php?id=CVE-2025-20786
06 Jan 2026 — In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10149882; Issue ID: MSV-4673. • https://corp.mediatek.com/product-security-bulletin/January-2026 • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 6.7EPSS: 0%CPEs: 48EXPL: 0CVE-2025-20785
https://notcve.org/view.php?id=CVE-2025-20785
06 Jan 2026 — In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10149882; Issue ID: MSV-4677. • https://corp.mediatek.com/product-security-bulletin/January-2026 • CWE-416: Use After Free •
CVSS: 6.7EPSS: 0%CPEs: 48EXPL: 0CVE-2025-20784
https://notcve.org/view.php?id=CVE-2025-20784
06 Jan 2026 — In display, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182882; Issue ID: MSV-4683. • https://corp.mediatek.com/product-security-bulletin/January-2026 • CWE-457: Use of Uninitialized Variable •