Allocation of Resources Without Limits or Throttling in MediaTek products - CVE-2026-20431
Published: April 7, 2026
Vulnerability identifier: #VU125016
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-20431
CWE-ID: CWE-770
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: MediaTek
Affected software:
MT6813
MT6815
MT6835
MT6878
MT6897
MT6899
MT6986
MT6991
MT6993
MT8668
MT8676
MT8678
MT8755
MT8775
MT8792
MT8793
MT8863
MT8873
MT8883
MT6813
MT6815
MT6835
MT6878
MT6897
MT6899
MT6986
MT6991
MT6993
MT8668
MT8676
MT8678
MT8755
MT8775
MT8792
MT8793
MT8863
MT8873
MT8883
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to allocation of resources without limits or throttling in modem when handling input. A local user can trigger the logic error to cause a denial of service.
How to mitigate CVE-2026-20431
Install security update from vendor's website.