{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-20431", "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "state": "PUBLISHED", "assignerShortName": "MediaTek", "dateReserved": "2025-11-03T01:30:59.011Z", "datePublished": "2026-04-07T03:25:28.491Z", "dateUpdated": "2026-04-07T12:59:17.543Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "shortName": "MediaTek", "dateUpdated": "2026-04-07T03:25:28.491Z"}, "descriptions": [{"lang": "en", "value": "In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01106496; Issue ID: MSV-4467."}], "affected": [{"vendor": "MediaTek, Inc.", "product": "MediaTek chipset", "defaultStatus": "unaffected", "versions": [{"version": "MT6813", "status": "affected"}, {"version": "MT6815", "status": "affected"}, {"version": "MT6835", "status": "affected"}, {"version": "MT6878", "status": "affected"}, {"version": "MT6897", "status": "affected"}, {"version": "MT6899", "status": "affected"}, {"version": "MT6986", "status": "affected"}, {"version": "MT6991", "status": "affected"}, {"version": "MT6993", "status": "affected"}, {"version": "MT8668", "status": "affected"}, {"version": "MT8676", "status": "affected"}, {"version": "MT8678", "status": "affected"}, {"version": "MT8755", "status": "affected"}, {"version": "MT8775", "status": "affected"}, {"version": "MT8792", "status": "affected"}, {"version": "MT8793", "status": "affected"}, {"version": "MT8863", "status": "affected"}, {"version": "MT8873", "status": "affected"}, {"version": "MT8883", "status": "affected"}]}], "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/April-2026"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling"}]}], "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-noinfo Not enough information"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-07T12:59:15.295899Z", "id": "CVE-2026-20431", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T12:59:17.543Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-20431", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-07T12:59:15.295899Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T12:59:10.087Z"}}], "cna": {"affected": [{"vendor": "MediaTek, Inc.", "product": "MediaTek chipset", "versions": [{"status": "affected", "version": "MT6813"}, {"status": "affected", "version": "MT6815"}, {"status": "affected", "version": "MT6835"}, {"status": "affected", "version": "MT6878"}, {"status": "affected", "version": "MT6897"}, {"status": "affected", "version": "MT6899"}, {"status": "affected", "version": "MT6986"}, {"status": "affected", "version": "MT6991"}, {"status": "affected", "version": "MT6993"}, {"status": "affected", "version": "MT8668"}, {"status": "affected", "version": "MT8676"}, {"status": "affected", "version": "MT8678"}, {"status": "affected", "version": "MT8755"}, {"status": "affected", "version": "MT8775"}, {"status": "affected", "version": "MT8792"}, {"status": "affected", "version": "MT8793"}, {"status": "affected", "version": "MT8863"}, {"status": "affected", "version": "MT8873"}, {"status": "affected", "version": "MT8883"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/April-2026"}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01106496; Issue ID: MSV-4467."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling"}]}], "providerMetadata": {"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "shortName": "MediaTek", "dateUpdated": "2026-04-07T03:25:28.491Z"}}}, "cveMetadata": {"cveId": "CVE-2026-20431", "state": "PUBLISHED", "dateUpdated": "2026-04-07T12:59:17.543Z", "dateReserved": "2025-11-03T01:30:59.011Z", "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "datePublished": "2026-04-07T03:25:28.491Z", "assignerShortName": "MediaTek"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mediatek:mt6813_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0E1CB25C-4643-4239-AE47-B5AE876416ED", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt6813:-:*:*:*:*:*:*:*", "matchCriteriaId": "66F9EAE4-F1D7-46DB-AA2A-0290F6EF0501", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mediatek:mt6815_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6FE3EEC2-1B07-40FA-90CA-3209C3578FA2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt6815:-:*:*:*:*:*:*:*", "matchCriteriaId": "B7122918-8C44-4F24-82E4-B8448247FC83", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mediatek:mt6835_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "00B1D726-8183-4667-B46D-18EF110EA9D9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mediatek:mt6878_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "207954E6-D413-4762-9F4A-3A147CFB4FE2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt6878:-:*:*:*:*:*:*:*", "matchCriteriaId": "855A8046-34ED-4891-ACE5-76AB10AC8D53", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mediatek:mt6897_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "A04EA650-730F-4E5D-A0E0-90570CACDD5E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", "matchCriteriaId": "2A7D8055-F4B6-41EE-A078-11D56285AB66", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mediatek:mt6899_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "BEBA484A-EC07-4D3D-80CD-BDE9E7807F71", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt6899:-:*:*:*:*:*:*:*", "matchCriteriaId": "C6E9F80F-9AC9-41E0-BB14-9DB6F14B62CD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mediatek:mt6986_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "17581EC0-D68B-4EA3-845C-366C4A65FC6B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt6986:-:*:*:*:*:*:*:*", "matchCriteriaId": "1F419FE2-2D6D-48EE-9B6C-E88AC5D44186", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mediatek:mt6991_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D9DD2119-39E8-4A9C-8E2A-8FB7F92A1001", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt6991:-:*:*:*:*:*:*:*", "matchCriteriaId": "CBBB30DF-E963-4940-B742-F6801F68C3FC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mediatek:mt6993_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FAEB2240-FF37-4CBE-BBEF-8A8281153646", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt6993:-:*:*:*:*:*:*:*", "matchCriteriaId": "57E92BE0-5E65-4770-8E1A-0E5D07A38164", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mediatek:mt8668_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "3EAACB56-716C-4E17-AB78-F5E68B75B791", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt8668:-:*:*:*:*:*:*:*", "matchCriteriaId": "2589C222-3D62-4BDB-98F2-5F1E38600D8D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mediatek:mt8676_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "645D7C99-A0A0-4FB0-97AC-3DA5161A44D9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt8676:-:*:*:*:*:*:*:*", "matchCriteriaId": "EE302F6F-170E-4350-A8F4-65BE0C50CB78", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mediatek:mt8678_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "CFEC7A7B-6948-4B8A-BFA1-9F9D07043605", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*", "matchCriteriaId": "152A5F3D-8004-4649-BDB1-E6F0798AF1CB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mediatek:mt8755_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6B49A54E-B0C5-45C4-8396-5E6A2613E3B1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt8755:-:*:*:*:*:*:*:*", "matchCriteriaId": "1CF88096-5CBD-4A4B-8F47-33D38985956F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mediatek:mt8775_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FAA319BC-2689-497C-8D7D-482CD2AD89A1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt8775:-:*:*:*:*:*:*:*", "matchCriteriaId": "DE5FB550-7264-4879-BAF9-6798949113AF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mediatek:mt8792_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "AE904A76-14A2-41D5-86FF-BCA686342E85", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt8792:-:*:*:*:*:*:*:*", "matchCriteriaId": "336FC69E-E89F-4642-B6B9-8009D9A2BD52", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mediatek:mt8793_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "42C2F52D-C49C-4AFF-B6FA-FFA82EF96142", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt8793:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FBD3487-F8CE-406C-8BD7-DD57FF8CD60B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mediatek:mt8863_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "03A3F0E1-3226-4CB5-AE9F-BDA327590107", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt8863:-:*:*:*:*:*:*:*", "matchCriteriaId": "77E0D738-F0B9-468F-8A10-204F498320BC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mediatek:mt8873_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "9D40337A-B78E-41CF-ADDC-A31190950F73", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt8873:-:*:*:*:*:*:*:*", "matchCriteriaId": "D6DD525F-7050-42BD-829D-1121698B8009", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mediatek:mt8883_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "C5049DE8-5F0C-4E0D-85AE-F47CECE2DCE8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt8883:-:*:*:*:*:*:*:*", "matchCriteriaId": "23DD8281-FEB4-4E23-8DDA-680FF895F12E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01106496; Issue ID: MSV-4467."}], "id": "CVE-2026-20431", "lastModified": "2026-04-10T19:58:43.890", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-07T04:16:59.930", "references": [{"source": "security@mediatek.com", "tags": ["Vendor Advisory"], "url": "https://corp.mediatek.com/product-security-bulletin/April-2026"}], "sourceIdentifier": "security@mediatek.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "security@mediatek.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "MT6813"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "MT6815"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "MT6835"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "MT6878"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "MT6897"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "MT6899"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "MT6986"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "MT6991"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "MT6993"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "MT8668"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "MT8676"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "MT8678"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "MT8755"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "MT8775"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "MT8792"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "MT8793"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "MT8863"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "MT8873"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "MT8883"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "MediaTek chipset", "source": "cna", "vendor": "MediaTek, Inc."}, "product": "mediatek_chipset", "vendor": "mediatek,_inc."}], "analysis": {"en": {"generated_at": "2026-04-07T20:38:10.324337+00:00", "value": {"mitigation_remediation": ["Apply the firmware update that contains Patch ID MOLY01106496 to the affected MediaTek chipset", "Verify that the update has been successfully applied by checking the firmware version and patch notes", "If the update is not yet available, monitor MediaTek product\u2011security bulletins for the release of the patch"], "summary": {"action": "Immediate Patch", "impact": "Remote Denial of Service"}, "threat_synthesis": {"affected_systems": "MediaTek, Inc. chipsets that include the vulnerable Modem firmware are at risk. The advisory does not list specific model numbers or firmware releases, so all devices based on the affected chipset family should be treated as vulnerable until the packet identified by Patch ID MOLY01106496 is applied.", "description_and_impact": "A logic error in the Modem component of MediaTek chipsets can trigger a system crash that results in a denial of service that can be induced remotely. The flaw requires no privileged execution or user action; an attacker merely needs to luring a UE into connecting to a rogue base station they control. The resulting crash disrupts the device\u2019s ability to communicate with the cellular network.", "risk_and_exploitability": "The CVSS score of 6.5 indicates medium severity, while the EPSS score of less than 1% suggests a low likelihood of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be a rogue base station that forces the device to establish a connection, which triggers the logic error and causes the crash."}}}}, "created": "2026-04-07T09:36:25.383170+00:00", "title": "Modem Logic Error Causing Remote Device Crash", "updated": "2026-04-08T19:50:12.692187+00:00", "vendors": ["mediatek,_inc.", "mediatek,_inc.$PRODUCT$mediatek_chipset"]}