CVE-2026-20432
Published: 07 April 2026
Summary
CVE-2026-20432 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Mediatek Mt2735 Firmware. Its CVSS base score is 8.0 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 8.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly addresses the missing bounds check causing the out-of-bounds write by requiring validation of modem inputs from base stations.
Provides memory protections that mitigate exploitation of out-of-bounds writes in modem firmware even if bounds checks fail.
Mandates timely remediation of the specific flaw via the vendor patch MOLY01406170 to eliminate the vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Out-of-bounds write in modem firmware directly enables remote privilege escalation via rogue base station (matches T1068).
NVD Description
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no…
more
additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01406170; Issue ID: MSV-4461.
Deeper analysisAI
CVE-2026-20432 is an out-of-bounds write vulnerability (CWE-787) in the Modem component due to a missing bounds check. It affects MediaTek modem firmware, as detailed in the vendor's product security bulletin.
An attacker can exploit this vulnerability for remote escalation of privilege by controlling a rogue base station to which a user equipment (UE), such as a mobile device, connects. No additional execution privileges are required on the attacker's part, but user interaction is needed to induce the UE to connect to the rogue base station. The CVSS v3.1 base score is 8.0 (AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high impacts to confidentiality, integrity, and availability in an adjacent network attack scenario.
MediaTek's April 2026 Product Security Bulletin provides mitigation guidance, including Patch ID MOLY01406170 for Issue ID MSV-4461. Affected devices should be updated with this patch to prevent exploitation.
Details
- CWE(s)