High

Out-of-bounds write in MediaTek Modem

IdentifiersCVE-2026-20432CWE-787· Out-of-bounds Write

CVE-2026-20432 is an out-of-bounds write vulnerability in the MediaTek modem component caused by a missing bounds check. According to the provided vendor description, the flaw can be triggered when a user equipment (UE) device connects to a rogue base station controlled by an attacker. Successful exploitation can result in remote escalation of privilege. The issue is tracked by MediaTek as Issue ID MSV-4461 and Patch ID MOLY01406170.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation may allow remote escalation of privilege in the modem context without requiring additional execution privileges. The provided CVSS v3.1 vector (AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) indicates high potential impact to confidentiality, integrity, and availability.

Mitigation

If you can’t patch tonight, do this now.

Limit exposure to rogue or untrusted base stations where feasible and prioritize deployment of patched modem firmware from MediaTek or the device OEM. Because exploitation requires the UE to connect to an attacker-controlled base station, reducing opportunities for attachment to untrusted radio infrastructure may lower risk until patches are applied. Specific additional mitigations are not provided in the available information.

Remediation

Patch, then assume compromise.

Apply the vendor patch identified as Patch ID MOLY01406170. MediaTek references this issue in its April 2026 product security bulletin. Downstream device vendors should integrate the corresponding modem fix into affected firmware builds.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

MediaTekMt2735 Firmwareoperating_system

MediaTekMt2737 Firmwareoperating_system

MediaTekMt6779 Firmwareoperating_system

MediaTekMt6781 Firmwareoperating_system

MediaTekMt6783 Firmwareoperating_system

MediaTekMt6785 Firmwareoperating_system

MediaTekMt6789 Firmwareoperating_system

MediaTekMt6813 Firmwareoperating_system

MediaTekMt6815 Firmwareoperating_system

MediaTekMt6833 Firmwareoperating_system

MediaTekMt6835 Firmwareoperating_system

MediaTekMt6853 Firmwareoperating_system

MediaTekMt6855 Firmwareoperating_system

MediaTekMt6873 Firmwareoperating_system

MediaTekMt6875 Firmwareoperating_system

MediaTekMt6877 Firmwareoperating_system

MediaTekMt6878 Firmwareoperating_system

MediaTekMt6879 Firmwareoperating_system

MediaTekMt6880 Firmwareoperating_system

MediaTekMt6883 Firmwareoperating_system

MediaTekMt6885 Firmwareoperating_system

MediaTekMt6886 Firmwareoperating_system

MediaTekMt6889 Firmwareoperating_system

MediaTekMt6890 Firmwareoperating_system

MediaTekMt6891 Firmwareoperating_system

MediaTekMt6893 Firmwareoperating_system

MediaTekMt6895 Firmwareoperating_system

MediaTekMt6896 Firmwareoperating_system

MediaTekMt6897 Firmwareoperating_system

MediaTekMt6899 Firmwareoperating_system

MediaTekMt6980 Firmwareoperating_system

MediaTekMt6983 Firmwareoperating_system

MediaTekMt6985 Firmwareoperating_system

MediaTekMt6989 Firmwareoperating_system

MediaTekMt6990 Firmwareoperating_system

MediaTekMt6991 Firmwareoperating_system

MediaTekMt6993 Firmwareoperating_system

MediaTekMt8668 Firmwareoperating_system

MediaTekMt8673 Firmwareoperating_system

MediaTekMt8675 Firmwareoperating_system

MediaTekMt8676 Firmwareoperating_system

MediaTekMt8678 Firmwareoperating_system

MediaTekMt8755 Firmwareoperating_system

MediaTekMt8771 Firmwareoperating_system

MediaTekMt8775 Firmwareoperating_system

MediaTekMt8781 Firmwareoperating_system

MediaTekMt8789 Firmwareoperating_system

MediaTekMt8791 Firmwareoperating_system

MediaTekMt8791t Firmwareoperating_system

MediaTekMt8792 Firmwareoperating_system

MediaTekMt8793 Firmwareoperating_system

MediaTekMt8795t Firmwareoperating_system

MediaTekMt8797 Firmwareoperating_system

MediaTekMt8798 Firmwareoperating_system

MediaTekMt8863 Firmwareoperating_system

MediaTekMt8873 Firmwareoperating_system

MediaTekMt8883 Firmwareoperating_system

MediaTekMt8893 Firmwareoperating_system

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

5 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

5 SOURCESView more in app

cvefeed high severityNews

Apr 7, 2026

CVE-2026-20432 - Huawei Modem Out-of-Bounds Write Privilege Escalation Vulnerability

An out-of-bounds write vulnerability in MediaTek Modem caused by a missing bounds check that could allow remote escalation of privilege when a user equipment device connects to a rogue base station controlled by an attacker.

samsung mobile securityNews

Jan 17, 2022

Security Updates Firmware Updates | Samsung Mobile Security

An Android Security Bulletin vulnerability listed as not applicable to Samsung devices in this bulletin.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity3