Cyber Posture

CVE-2026-20411

High

Published: 02 February 2026

Modified: 04 February 2026
KEV Added:
Patch:
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0000 (0.1th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-20411 is a high-severity Use After Free (CWE-416) vulnerability in Google Android. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked at the 0.1th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068).
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

prevent: Requires timely remediation of flaws, directly addressing this use-after-free vulnerability by applying the specified patch ALPS10351676 to cameraisp.

prevent: Implements memory safeguards like address space layout randomization and non-executable memory to prevent exploitation of use-after-free vulnerabilities in cameraisp.

prevent: Enforces least privilege on processes, limiting the impact of privilege escalation from low-privilege local attackers exploiting the cameraisp use-after-free.

MITRE ATT&CK Enterprise Techniques [AI]

T1068 Exploitation for Privilege Escalation (Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

Use-after-free in local system component (cameraisp) directly enables local privilege escalation to full system compromise.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

In cameraisp, there is a possible escalation of privilege due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10351676; Issue ID: MSV-5737.

Deeper analysis [AI]

CVE-2026-20411 is a use-after-free vulnerability (CWE-416) in the cameraisp component, which could enable escalation of privilege. The issue affects devices utilizing MediaTek hardware, as indicated by the associated patch and bulletin. Published on February 2, 2026, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), reflecting high impacts on confidentiality, integrity, and availability.

A local attacker with low privileges can exploit this vulnerability without user interaction. Although the description notes potential for local denial of service upon already possessing System privileges, the CVSS metrics and the escalation-of-privilege classification suggest an attacker could achieve full system compromise, with high confidentiality, integrity, and availability impacts.

MediaTek's February 2026 product security bulletin provides details on mitigation, including Patch ID ALPS10351676 and Issue ID MSV-5737. Security practitioners should apply the referenced patch to vulnerable cameraisp implementations in affected devices.

Details

CWE(s)

Affected Products

google android: 13.0, 14.0, 15.0, 16.0

CVEs Like This One

CVE-2026-20412 (Same product: Google Android)
CVE-2025-20780 (Same product: Google Android)
CVE-2025-20799 (Same product: Google Android)
CVE-2025-20781 (Same product: Google Android)
CVE-2025-20778 (Same product: Google Android)
CVE-2025-20795 (Same product: Google Android)
CVE-2025-20645 (Same product: Google Android)
CVE-2025-20800 (Same product: Google Android)
CVE-2025-48543 (Same product: Google Android)
CVE-2025-22409 (Same product: Google Android)
