Cyber Resilience

CVE-2026-20411

High

Published: 02 February 2026

Published
02 February 2026
Modified
04 February 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0001 0.3th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-20411 is a high-severity Use After Free (CWE-416) vulnerability in Google Android. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 0.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-20411 is a use-after-free vulnerability (CWE-416) in the cameraisp component, which could enable escalation of privilege. The issue affects devices utilizing MediaTek hardware, as indicated by the associated patch and bulletin. Published on February 2, 2026, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), reflecting high impacts on confidentiality, integrity, and availability.

A local attacker with low privileges can exploit this vulnerability without user interaction. Although the description notes potential for local denial of service upon already possessing System privileges, the CVSS metrics and escalation of privilege nature suggest an attacker could achieve full system compromise, including high confidentiality, integrity, and availability impacts.

MediaTek's February 2026 product security bulletin provides details on mitigation, including Patch ID ALPS10351676 and Issue ID MSV-5737. Security practitioners should apply the referenced patch to vulnerable cameraisp implementations in affected devices.

EU & UK References

Vulnerability details

In cameraisp, there is a possible escalation of privilege due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch…

more

ID: ALPS10351676; Issue ID: MSV-5737.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Use-after-free in local system component (cameraisp) directly enables local privilege escalation to full system compromise.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-20412Same product: Google Android
CVE-2025-20780Same product: Google Android
CVE-2025-20799Same product: Google Android
CVE-2025-20781Same product: Google Android
CVE-2025-20778Same product: Google Android
CVE-2025-20795Same product: Google Android
CVE-2025-20645Same product: Google Android
CVE-2025-20800Same product: Google Android
CVE-2024-40651Same product: Google Android
CVE-2024-40649Same product: Google Android

Affected Assets

google
android
13.0, 14.0, 15.0, 16.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely remediation of flaws, directly addressing this use-after-free vulnerability by applying the specified patch ALPS10351676 to cameraisp.

prevent

Implements memory safeguards like address space layout randomization and non-executable memory to prevent exploitation of use-after-free vulnerabilities in cameraisp.

prevent

Enforces least privilege on processes, limiting the impact of privilege escalation from low-privilege local attackers exploiting the cameraisp use-after-free.

References