CVSS: 6.5EPSS: 0%CPEs: 102EXPL: 0CVE-2026-20450
https://notcve.org/view.php?id=CVE-2026-20450
04 May 2026 — In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01753620; Issue ID: MSV-6100. • https://corp.mediatek.com/product-security-bulletin/May-2026 • CWE-617: Reachable Assertion •
CVSS: 6.5EPSS: 0%CPEs: 136EXPL: 0CVE-2026-20449
https://notcve.org/view.php?id=CVE-2026-20449
04 May 2026 — In Modem, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01760138; Issue ID: MSV-6148. • https://corp.mediatek.com/product-security-bulletin/May-2026 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 0%CPEs: 124EXPL: 0CVE-2026-20433
https://notcve.org/view.php?id=CVE-2026-20433
07 Apr 2026 — In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01088681; Issue ID: MSV-4460. En el módem, existe una posible escritura fuera de límites debido a una falta de verificación de límites. • https://corp.mediatek.com/product-security-bulletin/April-2026 • CWE-787: Out-of-bounds Write •
CVSS: 8.0EPSS: 0%CPEs: 116EXPL: 0CVE-2026-20432
https://notcve.org/view.php?id=CVE-2026-20432
07 Apr 2026 — In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01406170; Issue ID: MSV-4461. • https://corp.mediatek.com/product-security-bulletin/April-2026 • CWE-787: Out-of-bounds Write •
CVSS: 4.4EPSS: 0%CPEs: 26EXPL: 0CVE-2026-20445
https://notcve.org/view.php?id=CVE-2026-20445
02 Mar 2026 — In MDDP, there is a possible system crash due to a race condition. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10289875; Issue ID: MSV-5184. • https://corp.mediatek.com/product-security-bulletin/March-2026 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 4.4EPSS: 0%CPEs: 32EXPL: 0CVE-2026-20429
https://notcve.org/view.php?id=CVE-2026-20429
02 Mar 2026 — In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5535. • https://corp.mediatek.com/product-security-bulletin/March-2026 • CWE-125: Out-of-bounds Read •
CVSS: 6.7EPSS: 0%CPEs: 49EXPL: 0CVE-2026-20444
https://notcve.org/view.php?id=CVE-2026-20444
02 Mar 2026 — In display, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10436995; Issue ID: MSV-5721. • https://corp.mediatek.com/product-security-bulletin/March-2026 • CWE-787: Out-of-bounds Write •
CVSS: 6.7EPSS: 0%CPEs: 49EXPL: 0CVE-2026-20443
https://notcve.org/view.php?id=CVE-2026-20443
02 Mar 2026 — In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10436998; Issue ID: MSV-5722. • https://corp.mediatek.com/product-security-bulletin/March-2026 • CWE-416: Use After Free •
CVSS: 4.4EPSS: 0%CPEs: 49EXPL: 0CVE-2026-20442
https://notcve.org/view.php?id=CVE-2026-20442
02 Mar 2026 — In display, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10436998; Issue ID: MSV-5723. • https://corp.mediatek.com/product-security-bulletin/March-2026 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 99EXPL: 0CVE-2026-20434
https://notcve.org/view.php?id=CVE-2026-20434
02 Mar 2026 — In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY00782946; Issue ID: MSV-4135. • https://corp.mediatek.com/product-security-bulletin/March-2026 • CWE-787: Out-of-bounds Write •