#VU125016 Allocation of Resources Without Limits or Throttling in MediaTek products - CVE-2026-20431
Published: April 7, 2026
Vulnerability identifier: #VU125016
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-20431
CWE-ID: CWE-770
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
MT6813
MT6815
MT6835
MT6878
MT6897
MT6899
MT6986
MT6991
MT6993
MT8668
MT8676
MT8678
MT8755
MT8775
MT8792
MT8793
MT8863
MT8873
MT8883
MT6813
MT6815
MT6835
MT6878
MT6897
MT6899
MT6986
MT6991
MT6993
MT8668
MT8676
MT8678
MT8755
MT8775
MT8792
MT8793
MT8863
MT8873
MT8883
Software vendor:
MediaTek
MediaTek
Description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to allocation of resources without limits or throttling in modem when handling input. A local user can trigger the logic error to cause a denial of service.
Remediation
Install security update from vendor's website.