CVE-2026-20431 - Vulnerability Details

Description

In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01106496; Issue ID: MSV-4467.

Published: 2026-04-07

Score: 6.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

MediaTek, Inc.

MediaTek chipset

unaffected

Version	Status	Constraints
`MT6813`	affected	—
`MT6815`	affected	—
`MT6835`	affected	—
`MT6878`	affected	—
`MT6897`	affected	—
`MT6899`	affected	—
`MT6986`	affected	—
`MT6991`	affected	—
`MT6993`	affected	—
`MT8668`	affected	—
`MT8676`	affected	—
`MT8678`	affected	—
`MT8755`	affected	—
`MT8775`	affected	—
`MT8792`	affected	—
`MT8793`	affected	—
`MT8863`	affected	—
`MT8873`	affected	—
`MT8883`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:mediatek:mt6813_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6813:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:mediatek:mt6815_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6815:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:mediatek:mt6835_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:mediatek:mt6878_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6878:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:mediatek:mt6897_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:mediatek:mt6899_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6899:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:mediatek:mt6986_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6986:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:mediatek:mt6991_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6991:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:mediatek:mt6993_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6993:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:mediatek:mt8668_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt8668:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:mediatek:mt8676_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt8676:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:mediatek:mt8678_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:mediatek:mt8755_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt8755:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:mediatek:mt8775_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt8775:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:mediatek:mt8792_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt8792:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:mediatek:mt8793_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt8793:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:mediatek:mt8863_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt8863:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:mediatek:mt8873_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt8873:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:mediatek:mt8883_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt8883:-:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Mediatek, Inc.

Mediatek Chipset

100%

Version	Status	Scheme	Platform
`MT6813`	affected	generic	—
`MT6815`	affected	generic	—
`MT6835`	affected	generic	—
`MT6878`	affected	generic	—
`MT6897`	affected	generic	—
`MT6899`	affected	generic	—
`MT6986`	affected	generic	—
`MT6991`	affected	generic	—
`MT6993`	affected	generic	—
`MT8668`	affected	generic	—
`MT8676`	affected	generic	—
`MT8678`	affected	generic	—
`MT8755`	affected	generic	—
`MT8775`	affected	generic	—
`MT8792`	affected	generic	—
`MT8793`	affected	generic	—
`MT8863`	affected	generic	—
`MT8873`	affected	generic	—
`MT8883`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0004.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://corp.mediatek.com/product-security-bulletin/April-2026

History

Mon, 13 Apr 2026 14:30:00 +0000

Type	Values Removed	Values Added
Title	Modem Logic Error Causing Remote Device Crash

Fri, 10 Apr 2026 20:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mediatek Mediatek mt6813 Mediatek mt6813 Firmware Mediatek mt6815 Mediatek mt6815 Firmware Mediatek mt6835 Mediatek mt6835 Firmware Mediatek mt6878 Mediatek mt6878 Firmware Mediatek mt6897 Mediatek mt6897 Firmware Mediatek mt6899 Mediatek mt6899 Firmware Mediatek mt6986 Mediatek mt6986 Firmware Mediatek mt6991 Mediatek mt6991 Firmware Mediatek mt6993 Mediatek mt6993 Firmware Mediatek mt8668 Mediatek mt8668 Firmware Mediatek mt8676 Mediatek mt8676 Firmware Mediatek mt8678 Mediatek mt8678 Firmware Mediatek mt8755 Mediatek mt8755 Firmware Mediatek mt8775 Mediatek mt8775 Firmware Mediatek mt8792 Mediatek mt8792 Firmware Mediatek mt8793 Mediatek mt8793 Firmware Mediatek mt8863 Mediatek mt8863 Firmware Mediatek mt8873 Mediatek mt8873 Firmware Mediatek mt8883 Mediatek mt8883 Firmware
CPEs		cpe:2.3:h:mediatek:mt6813:-:::::::* cpe:2.3:h:mediatek:mt6815:-:::::::* cpe:2.3:h:mediatek:mt6835:-:::::::* cpe:2.3:h:mediatek:mt6878:-:::::::* cpe:2.3:h:mediatek:mt6897:-:::::::* cpe:2.3:h:mediatek:mt6899:-:::::::* cpe:2.3:h:mediatek:mt6986:-:::::::* cpe:2.3:h:mediatek:mt6991:-:::::::* cpe:2.3:h:mediatek:mt6993:-:::::::* cpe:2.3:h:mediatek:mt8668:-:::::::* cpe:2.3:h:mediatek:mt8676:-:::::::* cpe:2.3:h:mediatek:mt8678:-:::::::* cpe:2.3:h:mediatek:mt8755:-:::::::* cpe:2.3:h:mediatek:mt8775:-:::::::* cpe:2.3:h:mediatek:mt8792:-:::::::* cpe:2.3:h:mediatek:mt8793:-:::::::* cpe:2.3:h:mediatek:mt8863:-:::::::* cpe:2.3:h:mediatek:mt8873:-:::::::* cpe:2.3:h:mediatek:mt8883:-:::::::* cpe:2.3:o:mediatek:mt6813_firmware:-:::::::* cpe:2.3:o:mediatek:mt6815_firmware:-:::::::* cpe:2.3:o:mediatek:mt6835_firmware:-:::::::* cpe:2.3:o:mediatek:mt6878_firmware:-:::::::* cpe:2.3:o:mediatek:mt6897_firmware:-:::::::* cpe:2.3:o:mediatek:mt6899_firmware:-:::::::* cpe:2.3:o:mediatek:mt6986_firmware:-:::::::* cpe:2.3:o:mediatek:mt6991_firmware:-:::::::* cpe:2.3:o:mediatek:mt6993_firmware:-:::::::* cpe:2.3:o:mediatek:mt8668_firmware:-:::::::* cpe:2.3:o:mediatek:mt8676_firmware:-:::::::* cpe:2.3:o:mediatek:mt8678_firmware:-:::::::* cpe:2.3:o:mediatek:mt8755_firmware:-:::::::* cpe:2.3:o:mediatek:mt8775_firmware:-:::::::* cpe:2.3:o:mediatek:mt8792_firmware:-:::::::* cpe:2.3:o:mediatek:mt8793_firmware:-:::::::* cpe:2.3:o:mediatek:mt8863_firmware:-:::::::* cpe:2.3:o:mediatek:mt8873_firmware:-:::::::* cpe:2.3:o:mediatek:mt8883_firmware:-:::::::*
Vendors & Products		Mediatek Mediatek mt6813 Mediatek mt6813 Firmware Mediatek mt6815 Mediatek mt6815 Firmware Mediatek mt6835 Mediatek mt6835 Firmware Mediatek mt6878 Mediatek mt6878 Firmware Mediatek mt6897 Mediatek mt6897 Firmware Mediatek mt6899 Mediatek mt6899 Firmware Mediatek mt6986 Mediatek mt6986 Firmware Mediatek mt6991 Mediatek mt6991 Firmware Mediatek mt6993 Mediatek mt6993 Firmware Mediatek mt8668 Mediatek mt8668 Firmware Mediatek mt8676 Mediatek mt8676 Firmware Mediatek mt8678 Mediatek mt8678 Firmware Mediatek mt8755 Mediatek mt8755 Firmware Mediatek mt8775 Mediatek mt8775 Firmware Mediatek mt8792 Mediatek mt8792 Firmware Mediatek mt8793 Mediatek mt8793 Firmware Mediatek mt8863 Mediatek mt8863 Firmware Mediatek mt8873 Mediatek mt8873 Firmware Mediatek mt8883 Mediatek mt8883 Firmware

Wed, 08 Apr 2026 20:15:00 +0000

Type	Values Removed	Values Added
Title		Modem Logic Error Causing Remote Device Crash

Tue, 07 Apr 2026 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 07 Apr 2026 09:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mediatek, Inc. Mediatek, Inc. mediatek Chipset
Vendors & Products		Mediatek, Inc. Mediatek, Inc. mediatek Chipset

Tue, 07 Apr 2026 07:15:00 +0000

Type	Values Removed	Values Added
Description		In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01106496; Issue ID: MSV-4467.
Weaknesses		CWE-770
References		https://corp.mediatek.com/product-security-bulletin/April-2026

Subscriptions

Mediatek Mt6813 Mt6813 Firmware Mt6815 Mt6815 Firmware Mt6835 Mt6835 Firmware Mt6878 Mt6878 Firmware Mt6897 Mt6897 Firmware Mt6899 Mt6899 Firmware Mt6986 Mt6986 Firmware Mt6991 Mt6991 Firmware Mt6993 Mt6993 Firmware Mt8668 Mt8668 Firmware Mt8676 Mt8676 Firmware Mt8678 Mt8678 Firmware Mt8755 Mt8755 Firmware Mt8775 Mt8775 Firmware Mt8792 Mt8792 Firmware Mt8793 Mt8793 Firmware Mt8863 Mt8863 Firmware Mt8873 Mt8873 Firmware Mt8883 Mt8883 Firmware

Mediatek, Inc. Mediatek Chipset

MITRE

Status: PUBLISHED

Assigner: MediaTek

Published: 2026-04-07T03:25:28.491Z

Updated: 2026-04-07T12:59:17.543Z

Reserved: 2025-11-03T01:30:59.011Z

Link: CVE-2026-20431

Vulnrichment

Updated: 2026-04-07T12:59:10.087Z

NVD

Status : Analyzed

Published: 2026-04-07T04:16:59.930

Modified: 2026-04-10T19:58:43.890

Link: CVE-2026-20431

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-13T14:27:19Z

Weaknesses

CWE-770

Tracking

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object