CVE-2026-20421

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-20421
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01738293; Issue ID: MSV-5922.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://corp.mediatek.com/product-security-bulletin/February-2026 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:mediatek:nr15:-:*:*:*:*:*:*:*
OR cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*
History

17 Feb 2026, 15:16

Type Values Removed Values Added
Summary
  • (es) En el módem, existe una posible caída del sistema debido a una validación de entrada incorrecta. Esto podría llevar a una denegación de servicio remota, si un UE se ha conectado a una estación base maliciosa controlada por el atacante, sin necesidad de privilegios de ejecución adicionales. No se necesita interacción del usuario para la explotación. ID del parche: MOLY01738293; ID del problema: MSV-5922.
CVSS v2 : unknown
v3 : 7.5 		v2 : unknown
v3 : 6.5

03 Feb 2026, 21:23

Type Values Removed Values Added
First Time Mediatek mt6885
Mediatek mt6877
Mediatek nr15
Mediatek mt6893
Mediatek mt6853
Mediatek mt6855
Mediatek mt6883
Mediatek mt6873
Mediatek mt6891
Mediatek mt6889
Mediatek mt8791
Mediatek mt6833
Mediatek mt6880
Mediatek mt6890
Mediatek mt6875
Mediatek mt2735
Mediatek
CPE cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:nr15:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*
References () https://corp.mediatek.com/product-security-bulletin/February-2026 - () https://corp.mediatek.com/product-security-bulletin/February-2026 - Vendor Advisory

02 Feb 2026, 23:16

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.5

02 Feb 2026, 09:15

Type Values Removed Values Added
New CVE
Information

Published : 2026-02-02 09:15

Updated : 2026-02-17 15:16

NVD link : CVE-2026-20421

Mitre link : CVE-2026-20421

CVE.ORG link : CVE-2026-20421

JSON object : View

Products Affected

mediatek

  • mt6889
  • mt6883
  • mt6877
  • mt6891
  • mt6893
  • mt6880
  • mt6833
  • mt6885
  • mt8791
  • nr15
  • mt6853
  • mt6873
  • mt6890
  • mt2735
  • mt6855
  • mt6875
CWE
CWE-125

Out-of-bounds Read