← Back ⬡ Vulnerabilities & CVEs Apr 07, 2026

CVE-2026-20432 | MediaTek MT8893 Base Station out-of-bounds write (MSV-4461 / EUVD-2026-19566)

VulDB Archived Apr 07, 2026 ✓ Full text saved

A vulnerability categorized as critical has been discovered in MediaTek MT2735, MT2737, MT6779, MT6781, MT6783, MT6785, MT6789, MT6813, MT6815, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6877, MT6878, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6896, MT6897, MT6899, MT6980, MT6983, MT6985, MT6989, MT6990, MT6991, MT6993, MT8668, MT8673, MT8675, MT8676, MT8678, MT8755, MT8771, MT8775, MT8781, MT8789, MT8791, MT8791T, MT8792, MT8793, MT8795T, MT8797, MT

Full text archived locally

✦ AI Summary · Claude Sonnet

VDB-355707 · CVE-2026-20432 · MSV-4461 MEDIATEK MT8893 BASE STATION OUT-OF-BOUNDS WRITE HISTORYDIFFRELATEJSONXMLCTI CVSS Meta Temp Score Current Exploit Price (≈) CTI Interest Score 9.4 $0-$5k 1.74+ Summaryinfo A vulnerability identified as critical has been detected in MediaTek MT2735, MT2737, MT6779, MT6781, MT6783, MT6785, MT6789, MT6813, MT6815, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6877, MT6878, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6896, MT6897, MT6899, MT6980, MT6983, MT6985, MT6989, MT6990, MT6991, MT6993, MT8668, MT8673, MT8675, MT8676, MT8678, MT8755, MT8771, MT8775, MT8781, MT8789, MT8791, MT8791T, MT8792, MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883 and MT8893. Affected by this vulnerability is an unknown functionality of the component Base Station Handler. Performing a manipulation results in out-of-bounds write. This vulnerability is reported as CVE-2026-20432. The attack is possible to be carried out remotely. No exploit exists. To fix this issue, it is recommended to deploy a patch. Detailsinfo A vulnerability classified as very critical has been found in MediaTek MT2735, MT2737, MT6779, MT6781, MT6783, MT6785, MT6789, MT6813, MT6815, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6877, MT6878, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6896, MT6897, MT6899, MT6980, MT6983, MT6985, MT6989, MT6990, MT6991, MT6993, MT8668, MT8673, MT8675, MT8676, MT8678, MT8755, MT8771, MT8775, MT8781, MT8789, MT8791, MT8791T, MT8792, MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883 and MT8893. This affects some unknown functionality of the component Base Station Handler. The manipulation with an unknown input leads to a out-of-bounds write vulnerability. CWE is classifying the issue as CWE-787. The product writes data past the end, or before the beginning, of the intended buffer. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is: In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01406170; Issue ID: MSV-4461. It is possible to read the advisory at corp.mediatek.com. This vulnerability is uniquely identified as CVE-2026-20432 since 11/03/2025. The exploitability is told to be easy. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. The technical details are unknown and an exploit is not publicly available. The pricing for an exploit might be around USD $0-$5k at the moment (estimation calculated on 04/07/2026). Applying the patch MSV-4461 is able to eliminate this problem. The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2026-19566). Productinfo Type Chip Software Vendor MediaTek Name MT2735 MT2737 MT6779 MT6781 MT6783 MT6785 MT6789 MT6813 MT6815 MT6833 MT6835 MT6853 MT6855 MT6873 MT6875 MT6877 MT6878 MT6879 MT6880 MT6883 MT6885 MT6886 MT6889 MT6890 MT6891 MT6893 MT6895 MT6896 MT6897 MT6899 MT6980 MT6983 MT6985 MT6989 MT6990 MT6991 MT6993 MT8668 MT8673 MT8675 MT8676 MT8678 MT8755 MT8771 MT8775 MT8781 MT8789 MT8791 MT8791T MT8792 MT8793 MT8795T MT8797 MT8798 MT8863 MT8873 MT8883 MT8893 License commercial CPE 2.3info 🔒 🔒 🔒 CPE 2.2info 🔒 🔒 🔒 CVSSv4info VulDB Vector: 🔒 VulDB Reliability: 🔍 CVSSv3info VulDB Meta Base Score: 9.8 VulDB Meta Temp Score: 9.4 VulDB Base Score: 9.8 VulDB Temp Score: 9.4 VulDB Vector: 🔒 VulDB Reliability: 🔍 CVSSv2info Vector Complexity Authentication Confidentiality Integrity Availability Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock VulDB Base Score: 🔒 VulDB Temp Score: 🔒 VulDB Reliability: 🔍 Exploitinginfo Class: Out-of-bounds write CWE: CWE-787 / CWE-119 CAPEC: 🔒 ATT&CK: 🔒 Physical: No Local: No Remote: Yes Availability: 🔒 Status: Not defined Price Prediction: 🔍 Current Price Estimation: 🔒 0-Day Unlock Unlock Unlock Unlock Today Unlock Unlock Unlock Unlock Threat Intelligenceinfo Interest: 🔍 Active Actors: 🔍 Active APT Groups: 🔍 Countermeasuresinfo Recommended: Patch Status: 🔍 0-Day Time: 🔒 Patch: MSV-4461 Timelineinfo 11/03/2025 CVE reserved 04/07/2026 +154 days Advisory disclosed 04/07/2026 +0 days VulDB entry created 04/07/2026 +0 days VulDB entry last update Sourcesinfo Advisory: MSV-4461 Status: Confirmed CVE: CVE-2026-20432 (🔒) GCVE (CVE): GCVE-0-2026-20432 GCVE (VulDB): GCVE-100-355707 EUVD: 🔒 Entryinfo Created: 04/07/2026 07:21 Updated: 04/07/2026 08:30 Changes: 04/07/2026 07:21 (56), 04/07/2026 08:30 (1) Complete: 🔍 Cache ID: 99:C75:101 Discussion No comments yet. Languages: en. Please log in to comment. ◂ PreviousOverviewNext ▸

💬 Team Notes