Out-of-bounds write in MediaTek products - CVE-2026-20461

 

Out-of-bounds write in MediaTek products - CVE-2026-20461

Published: July 1, 2026


Vulnerability identifier: #VU136043
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-20461
CWE-ID: CWE-787
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: MediaTek
Affected software:
MT8793
MT6991
MT6993
MT8673
MT8676
MT8678
MT8755
MT8775
MT8792
MT6990
MT8795T
MT8796
MT8798
MT8863
MT8873
MT8883
MT8893
MT2737
MT6989
MT6988
MT6985
MT6983
MT6980
MT6899
MT6897
MT6896
MT6895
MT6886
MT6879
MT6878
MT6858
MT6835
MT6813

Detailed vulnerability description

The vulnerability allows a local user to cause memory corruption.

The vulnerability exists due to out-of-bounds write in the modem when processing input. A local user can send crafted input to cause memory corruption.


How to mitigate CVE-2026-20461

Install security update from vendor's website.

Sources