CVSS: 6.7EPSS: 0%CPEs: 64EXPL: 0CVE-2026-20451
https://notcve.org/view.php?id=CVE-2026-20451
04 May 2026 — In slbc, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10828685; Issue ID: MSV-6504. • https://corp.mediatek.com/product-security-bulletin/May-2026 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 6.5EPSS: 0%CPEs: 102EXPL: 0CVE-2026-20450
https://notcve.org/view.php?id=CVE-2026-20450
04 May 2026 — In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01753620; Issue ID: MSV-6100. • https://corp.mediatek.com/product-security-bulletin/May-2026 • CWE-617: Reachable Assertion •
CVSS: 6.5EPSS: 0%CPEs: 136EXPL: 0CVE-2026-20449
https://notcve.org/view.php?id=CVE-2026-20449
04 May 2026 — In Modem, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01760138; Issue ID: MSV-6148. • https://corp.mediatek.com/product-security-bulletin/May-2026 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.7EPSS: 0%CPEs: 44EXPL: 0CVE-2026-20448
https://notcve.org/view.php?id=CVE-2026-20448
04 May 2026 — In geniezone, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10708513; Issue ID: MSV-6281. • https://corp.mediatek.com/product-security-bulletin/May-2026 • CWE-280: Improper Handling of Insufficient Permissions or Privileges •
CVSS: 8.8EPSS: 0%CPEs: 124EXPL: 0CVE-2026-20433
https://notcve.org/view.php?id=CVE-2026-20433
07 Apr 2026 — In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01088681; Issue ID: MSV-4460. En el módem, existe una posible escritura fuera de límites debido a una falta de verificación de límites. • https://corp.mediatek.com/product-security-bulletin/April-2026 • CWE-787: Out-of-bounds Write •
CVSS: 8.0EPSS: 0%CPEs: 116EXPL: 0CVE-2026-20432
https://notcve.org/view.php?id=CVE-2026-20432
07 Apr 2026 — In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01406170; Issue ID: MSV-4461. • https://corp.mediatek.com/product-security-bulletin/April-2026 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 38EXPL: 0CVE-2026-20431
https://notcve.org/view.php?id=CVE-2026-20431
07 Apr 2026 — In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01106496; Issue ID: MSV-4467. • https://corp.mediatek.com/product-security-bulletin/April-2026 • CWE-770: Allocation of Resources Without Limits or Throttling •