CVE-2026-20433
Published: 07 April 2026
Summary
CVE-2026-20433 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Mediatek Mt2735 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 7.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires validation of inputs to the modem to enforce bounds checking, directly addressing the missing bounds check that enables the out-of-bounds write.
Implements memory safeguards such as stack canaries and non-executable memory to mitigate exploitation of out-of-bounds writes in the modem for privilege escalation.
Ensures timely remediation of flaws like this modem vulnerability through patching (e.g., MOLY01088681), preventing exploitation via rogue base stations.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Out-of-bounds write in modem enables remote privilege escalation via rogue base station (adjacent network).
NVD Description
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no…
more
additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01088681; Issue ID: MSV-4460.
Deeper analysisAI
CVE-2026-20433 is an out-of-bounds write vulnerability (CWE-787) in the Modem component, stemming from a missing bounds check. It affects MediaTek modem implementations, as detailed in the vendor's security bulletin. Published on April 7, 2026, the issue carries a CVSS v3.1 base score of 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is tracked under Patch ID MOLY01088681 and Issue ID MSV-4460.
The vulnerability can be exploited remotely for escalation of privilege when a user equipment (UE) connects to a rogue base station controlled by an attacker. No additional execution privileges are required on the attacker's part, though user interaction is needed for the UE to connect. Successful exploitation could grant high confidentiality, integrity, and availability impacts in an adjacent network setting with low attack complexity.
MediaTek's April 2026 product security bulletin at https://corp.mediatek.com/product-security-bulletin/April-2026 provides details on the issue, including the associated patch MOLY01088681 for mitigation.
Details
- CWE(s)