High

Out-of-bounds write in MediaTek Modem

IdentifiersCVE-2026-20433CWE-787· Out-of-bounds Write

CVE-2026-20433 is an out-of-bounds write vulnerability in the MediaTek modem component caused by a missing bounds check. According to the provided vendor description, the flaw can be triggered in the modem processing path when a user equipment (UE) connects to a rogue base station controlled by an attacker. MediaTek identifies the issue with Patch ID MOLY01088681 and Issue ID MSV-4460. The available information does not identify the specific vulnerable function.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation could result in remote escalation of privilege in the modem context. Because the issue is an out-of-bounds write, impact may include corruption of adjacent memory and compromise of confidentiality, integrity, and availability within the affected component. The provided content states that no additional execution privileges are required and that exploitation can occur when the target UE connects to an attacker-controlled rogue base station.

Mitigation

If you can’t patch tonight, do this now.

Until patched firmware is deployed, reduce exposure to rogue cellular infrastructure where operationally possible. Practical mitigations are limited because exploitation occurs at the modem/baseband layer when the UE connects to an attacker-controlled base station. Prefer trusted carrier environments and timely installation of OEM security updates.

Remediation

Patch, then assume compromise.

Apply the vendor patch associated with Patch ID MOLY01088681 as referenced by MediaTek in its April 2026 product security bulletin. Deploy the corresponding OEM/device firmware update from the handset vendor, as Samsung indicates this CVE was already included in previous updates for affected Samsung devices.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

MediaTekMt2735 Firmwareoperating_system

MediaTekMt2737 Firmwareoperating_system

MediaTekMt6813 Firmwareoperating_system

MediaTekMt6833 Firmwareoperating_system

MediaTekMt6833p Firmwareoperating_system

MediaTekMt6835 Firmwareoperating_system

MediaTekMt6835t Firmwareoperating_system

MediaTekMt6853 Firmwareoperating_system

MediaTekMt6853t Firmwareoperating_system

MediaTekMt6855 Firmwareoperating_system

MediaTekMt6855t Firmwareoperating_system

MediaTekMt6873 Firmwareoperating_system

MediaTekMt6875 Firmwareoperating_system

MediaTekMt6875t Firmwareoperating_system

MediaTekMt6877 Firmwareoperating_system

MediaTekMt6877t Firmwareoperating_system

MediaTekMt6877tt Firmwareoperating_system

MediaTekMt6878 Firmwareoperating_system

MediaTekMt6878m Firmwareoperating_system

MediaTekMt6879 Firmwareoperating_system

MediaTekMt6880 Firmwareoperating_system

MediaTekMt6883 Firmwareoperating_system

MediaTekMt6885 Firmwareoperating_system

MediaTekMt6886 Firmwareoperating_system

MediaTekMt6889 Firmwareoperating_system

MediaTekMt6890 Firmwareoperating_system

MediaTekMt6891 Firmwareoperating_system

MediaTekMt6893 Firmwareoperating_system

MediaTekMt6895 Firmwareoperating_system

MediaTekMt6895tt Firmwareoperating_system

MediaTekMt6896 Firmwareoperating_system

MediaTekMt6897 Firmwareoperating_system

MediaTekMt6899 Firmwareoperating_system

MediaTekMt6980 Firmwareoperating_system

MediaTekMt6980d Firmwareoperating_system

MediaTekMt6983 Firmwareoperating_system

MediaTekMt6983t Firmwareoperating_system

MediaTekMt6985 Firmwareoperating_system

MediaTekMt6985t Firmwareoperating_system

MediaTekMt6989 Firmwareoperating_system

MediaTekMt6989t Firmwareoperating_system

MediaTekMt6990 Firmwareoperating_system

MediaTekMt6991 Firmwareoperating_system

MediaTekMt8668 Firmwareoperating_system

MediaTekMt8673 Firmwareoperating_system

MediaTekMt8675 Firmwareoperating_system

MediaTekMt8676 Firmwareoperating_system

MediaTekMt8678 Firmwareoperating_system

MediaTekMt8755 Firmwareoperating_system

MediaTekMt8771 Firmwareoperating_system

MediaTekMt8775 Firmwareoperating_system

MediaTekMt8791 Firmwareoperating_system

MediaTekMt8791t Firmwareoperating_system

MediaTekMt8792 Firmwareoperating_system

MediaTekMt8793 Firmwareoperating_system

MediaTekMt8795t Firmwareoperating_system

MediaTekMt8797 Firmwareoperating_system

MediaTekMt8798 Firmwareoperating_system

MediaTekMt8863 Firmwareoperating_system

MediaTekMt8873 Firmwareoperating_system

MediaTekMt8883 Firmwareoperating_system

MediaTekMt8893 Firmwareoperating_system

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

5 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

5 SOURCESView more in app

cvefeed high severityNews

Apr 7, 2026

CVE-2026-20433 - Huawei Modem Out-of-Bounds Write Privilege Escalation

An out-of-bounds write vulnerability in MediaTek Modem caused by a missing bounds check that could allow remote escalation of privilege when a user equipment connects to a rogue attacker-controlled base station.

samsung mobile securityNews

Jan 17, 2022

Security Updates Firmware Updates | Samsung Mobile Security

An Android Security Bulletin vulnerability already included in previous Samsung updates before this April 2026 release.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity3