Heap-based buffer overflow in MediaTek products - CVE-2026-20462
Published: July 1, 2026
Vulnerability identifier: #VU136044
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-20462
CWE-ID: CWE-122
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: MediaTek
Affected software:
MT6885
MT6893
MT6889
MT6883
MT6877
MT6853
MT6781
MT8791
MT8781
MT8768
MT8766R
MT8766
MT8765
MT8696
MT8695
MT6739
MT6855
MT6833
MT6789
MT6768
MT6765
MT6761
Detailed vulnerability description
The vulnerability allows a local user to cause memory corruption.
The vulnerability exists due to a heap-based buffer overflow in the telephony component when processing input. A local user can send crafted input to cause memory corruption.
How to mitigate CVE-2026-20462
Install the security update from the vendor's website.