Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2026-20401

In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01738310; Issue ID: MSV-5933.

Published

2026-02-02T09:15:54.663

Last Modified

2026-02-04T18:16:08.203

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-617
Type: Primary
CWE-754

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	mediatek	nr15	-	Yes
Hardware	mediatek	mt2735	-	No
Hardware	mediatek	mt6833	-	No
Hardware	mediatek	mt6853	-	No
Hardware	mediatek	mt6855	-	No
Hardware	mediatek	mt6873	-	No
Hardware	mediatek	mt6875	-	No
Hardware	mediatek	mt6877	-	No
Hardware	mediatek	mt6880	-	No
Hardware	mediatek	mt6883	-	No
Hardware	mediatek	mt6885	-	No
Hardware	mediatek	mt6889	-	No
Hardware	mediatek	mt6890	-	No
Hardware	mediatek	mt6891	-	No
Hardware	mediatek	mt6893	-	No
Hardware	mediatek	mt8675	-	No
Hardware	mediatek	mt8771	-	No
Hardware	mediatek	mt8791	-	No
Hardware	mediatek	mt8791t	-	No
Hardware	mediatek	mt8797	-	No

References

https://corp.mediatek.com/product-security-bulletin/February-2026 Vendor Advisory ([email protected])