Cyber Resilience

CVE-2026-20434

High

Published: 02 March 2026

Published
02 March 2026
Modified
02 March 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0007 22.1th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-20434 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Mediatek Lr12A. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 22.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2026-20434 is an out-of-bounds write vulnerability (CWE-787) in the Modem component due to a missing bounds check. It affects MediaTek modem firmware, as detailed in the vendor's product security bulletin. Published on 2026-03-02, the issue carries a CVSS v3.1 base score of 7.5 (AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) and is tracked under Patch ID MOLY00782946 and Issue ID MSV-4135.

Exploitation requires an attacker to control a rogue base station, with a user equipment (UE) connecting to it; user interaction is needed for the UE to connect. No additional execution privileges are required by the attacker. Successful exploitation could result in remote escalation of privilege, potentially allowing high confidentiality, integrity, and availability impacts.

MediaTek addresses the vulnerability with patch MOLY00782946. Additional mitigation details and affected products are outlined in the March 2026 product security bulletin at https://corp.mediatek.com/product-security-bulletin/March-2026.

EU & UK References

Vulnerability details

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no…

more

additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY00782946; Issue ID: MSV-4135.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Out-of-bounds write in modem firmware directly enables remote privilege escalation via rogue base station (explicitly stated in description).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-20727Same product: Mediatek Lr12A
CVE-2025-20708Same product: Mediatek Mt2735
CVE-2026-20433Same product: Mediatek Mt2735
CVE-2026-20432Same product: Mediatek Mt2735
CVE-2025-20778Same product: Mediatek Mt6739
CVE-2025-20795Same product: Mediatek Mt6739
CVE-2025-20631Same vendor: Mediatek
CVE-2026-20407Same vendor: Mediatek
CVE-2025-20632Same vendor: Mediatek
CVE-2025-20641Same product: Mediatek Mt6739

Affected Assets

mediatek
lr12a
all versions
mediatek
lr13
all versions
mediatek
nr15
all versions
mediatek
nr16
all versions
mediatek
nr17
all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the missing bounds check by requiring validation of information inputs from untrusted sources like a rogue base station to prevent out-of-bounds writes.

prevent

Implements memory safeguards such as stack canaries or DEP to protect against exploitation of the out-of-bounds write vulnerability leading to privilege escalation.

preventrecover

Ensures timely identification, testing, and deployment of patches like MOLY00782946 to remediate the specific flaw in MediaTek modem firmware.

References