Cyber Posture

CVE-2026-20434

High

Published: 02 March 2026

Published
02 March 2026
Modified
02 March 2026
KEV Added
Patch
CVSS Score 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0007 21.8th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-20434 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Mediatek Lr12A. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 21.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068).
Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

SI-16 Memory Protection
addresses: CWE-787

Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
Why these techniques?

Out-of-bounds write in modem firmware directly enables remote privilege escalation via rogue base station (explicitly stated in description).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no…

more

additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY00782946; Issue ID: MSV-4135.

Deeper analysisAI

CVE-2026-20434 is an out-of-bounds write vulnerability (CWE-787) in the Modem component due to a missing bounds check. It affects MediaTek modem firmware, as detailed in the vendor's product security bulletin. Published on 2026-03-02, the issue carries a CVSS v3.1 base score of 7.5 (AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) and is tracked under Patch ID MOLY00782946 and Issue ID MSV-4135.

Exploitation requires an attacker to control a rogue base station, with a user equipment (UE) connecting to it; user interaction is needed for the UE to connect. No additional execution privileges are required by the attacker. Successful exploitation could result in remote escalation of privilege, potentially allowing high confidentiality, integrity, and availability impacts.

MediaTek addresses the vulnerability with patch MOLY00782946. Additional mitigation details and affected products are outlined in the March 2026 product security bulletin at https://corp.mediatek.com/product-security-bulletin/March-2026.

Details

CWE(s)
CWE-787

Affected Products

mediatek
lr12a
all versions
mediatek
lr13
all versions
mediatek
nr15
all versions
mediatek
nr16
all versions
mediatek
nr17
all versions

CVEs Like This One

CVE-2025-20727Same product: Mediatek Lr12A
CVE-2025-20708Same product: Mediatek Mt2735
CVE-2026-20433Same product: Mediatek Mt2735
CVE-2026-20432Same product: Mediatek Mt2735
CVE-2025-20778Same product: Mediatek Mt6739
CVE-2025-20631Same vendor: Mediatek
CVE-2025-20632Same vendor: Mediatek
CVE-2025-20795Same product: Mediatek Mt6739
CVE-2026-20407Same vendor: Mediatek
CVE-2025-20641Same product: Mediatek Mt6739

References