CVE-2026-20433

8.8

HIGH CVSS 3.1

Huawei Modem Out-of-Bounds Write Privilege Escalation

Overview
Vulnerability Timeline

Overview

Description

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01088681; Issue ID: MSV-4460.

Details

INFO

Published Date :

April 7, 2026, 4:17 a.m.

Last Modified :

April 10, 2026, 7:56 p.m.

Remotely Exploit :

No

Source :

[email protected]

Impact

Affected Products

The following products are affected by CVE-2026-20433 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID	Vendor	Product
1	Mediatek	mt2735
2	Mediatek	mt6813
3	Mediatek	mt6833
4	Mediatek	mt6833p
5	Mediatek	mt6835
6	Mediatek	mt6853
7	Mediatek	mt6853t
8	Mediatek	mt6855
9	Mediatek	mt6873
10	Mediatek	mt6875
11	Mediatek	mt6877
12	Mediatek	mt6877t
13	Mediatek	mt6878
14	Mediatek	mt6879
15	Mediatek	mt6880
16	Mediatek	mt6883
17	Mediatek	mt6885
18	Mediatek	mt6886
19	Mediatek	mt6889
20	Mediatek	mt6890
21	Mediatek	mt6891
22	Mediatek	mt6893
23	Mediatek	mt6895
24	Mediatek	mt6896
25	Mediatek	mt6897
26	Mediatek	mt6980
27	Mediatek	mt6980d
28	Mediatek	mt6983t
29	Mediatek	mt6985
30	Mediatek	mt6985t
31	Mediatek	mt6989
32	Mediatek	mt6990
33	Mediatek	mt6875t
34	Mediatek	mt8675
35	Mediatek	mt8791
36	Mediatek	mt8791t
37	Mediatek	mt8797
38	Mediatek	mt6983
39	Mediatek	mt8673
40	Mediatek	mt8798
41	Mediatek	mt8676
42	Mediatek	mt8678
43	Mediatek	mt8755
44	Mediatek	mt8775
45	Mediatek	mt8792
46	Mediatek	mt8893
47	Mediatek	mt6855t
48	Mediatek	mt8771
49	Mediatek	mt8795t
50	Mediatek	mt2737
51	Mediatek	mt6835t
52	Mediatek	mt6878m
53	Mediatek	mt6895tt
54	Mediatek	mt6899
55	Mediatek	mt6989t
56	Mediatek	mt6991
57	Mediatek	mt8863
58	Mediatek	mt2735_firmware
59	Mediatek	mt2737_firmware
60	Mediatek	mt6813_firmware
61	Mediatek	mt6833_firmware
62	Mediatek	mt6833p_firmware
63	Mediatek	mt6835_firmware
64	Mediatek	mt6835t_firmware
65	Mediatek	mt6853_firmware
66	Mediatek	mt6853t_firmware
67	Mediatek	mt6855_firmware
68	Mediatek	mt6855t_firmware
69	Mediatek	mt6873_firmware
70	Mediatek	mt6875_firmware
71	Mediatek	mt6875t_firmware
72	Mediatek	mt6877_firmware
73	Mediatek	mt6877t_firmware
74	Mediatek	mt6877tt_firmware
75	Mediatek	mt6877tt
76	Mediatek	mt6878_firmware
77	Mediatek	mt6878m_firmware
78	Mediatek	mt6879_firmware
79	Mediatek	mt6880_firmware
80	Mediatek	mt6883_firmware
81	Mediatek	mt6885_firmware
82	Mediatek	mt6886_firmware
83	Mediatek	mt6889_firmware
84	Mediatek	mt6890_firmware
85	Mediatek	mt6891_firmware
86	Mediatek	mt6893_firmware
87	Mediatek	mt6895_firmware
88	Mediatek	mt6895tt_firmware
89	Mediatek	mt6896_firmware
90	Mediatek	mt6897_firmware
91	Mediatek	mt6899_firmware
92	Mediatek	mt6980_firmware
93	Mediatek	mt6980d_firmware
94	Mediatek	mt6983_firmware
95	Mediatek	mt6983t_firmware
96	Mediatek	mt6985_firmware
97	Mediatek	mt6985t_firmware
98	Mediatek	mt6989_firmware
99	Mediatek	mt6989t_firmware
100	Mediatek	mt6990_firmware
101	Mediatek	mt6991_firmware
102	Mediatek	mt8673_firmware
103	Mediatek	mt8675_firmware
104	Mediatek	mt8676_firmware
105	Mediatek	mt8678_firmware
106	Mediatek	mt8771_firmware
107	Mediatek	mt8791t_firmware
108	Mediatek	mt8797_firmware
109	Mediatek	mt8798_firmware
110	Mediatek	mt8863_firmware
111	Mediatek	mt8873
112	Mediatek	mt8883
113	Mediatek	mt8793
114	Mediatek	mt8668
115	Mediatek	mt8668_firmware
116	Mediatek	mt8755_firmware
117	Mediatek	mt8775_firmware
118	Mediatek	mt8792_firmware
119	Mediatek	mt8793_firmware
120	Mediatek	mt8873_firmware
121	Mediatek	mt8883_firmware
122	Mediatek	mt8791_firmware
123	Mediatek	mt8795t_firmware
124	Mediatek	mt8893_firmware

: Total Affected Vendor : 1 | Products : 124

Scoring

CVSS Scores

The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.

Score	Version	Severity	Vector	Exploitability Score	Impact Score	Source
	CVSS 3.1	HIGH				134c704f-9b21-4f2e-91b3-4a467353bcc0
	CVSS 3.1	HIGH				[email protected]

Solution

Update modem firmware to patch an out-of-bounds write vulnerability.

Update modem firmware to the latest version.
Apply security patches for the modem.
Ensure user interaction is not initiated maliciously.

References

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2026-20433.

URL	Resource
https://corp.mediatek.com/product-security-bulletin/April-2026	Vendor Advisory

CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2026-20433 is associated with the following CWEs:

CWE-787: Out-of-bounds Write

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2026-20433 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2026-20433 vulnerability anywhere in the article.

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2026-20433 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

Initial Analysis by [email protected]

Apr. 10, 2026

Action	Type	New Value
Added	CVSS V3.1	AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt2735_firmware:-::::::: OR cpe:2.3:h:mediatek:mt2735:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt2737_firmware:-::::::: OR cpe:2.3:h:mediatek:mt2737:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt6813_firmware:-::::::: OR cpe:2.3:h:mediatek:mt6813:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt6833_firmware:-::::::: OR cpe:2.3:h:mediatek:mt6833:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt6833p_firmware:-::::::: OR cpe:2.3:h:mediatek:mt6833p:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt6835_firmware:-::::::: OR cpe:2.3:h:mediatek:mt6835:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt6835t_firmware:-::::::: OR cpe:2.3:h:mediatek:mt6835t:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt6853_firmware:-::::::: OR cpe:2.3:h:mediatek:mt6853:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt6853t_firmware:-::::::: OR cpe:2.3:h:mediatek:mt6853t:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt6855_firmware:-::::::: OR cpe:2.3:h:mediatek:mt6855:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt6855t_firmware:-::::::: OR cpe:2.3:h:mediatek:mt6855t:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt6873_firmware:-::::::: OR cpe:2.3:h:mediatek:mt6873:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt6875_firmware:-::::::: OR cpe:2.3:h:mediatek:mt6875:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt6875t_firmware:-::::::: OR cpe:2.3:h:mediatek:mt6875t:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt6877_firmware:-::::::: OR cpe:2.3:h:mediatek:mt6877:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt6877t_firmware:-::::::: OR cpe:2.3:h:mediatek:mt6877t:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt6877tt_firmware:-::::::: OR cpe:2.3:h:mediatek:mt6877tt:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt6878_firmware:-::::::: OR cpe:2.3:h:mediatek:mt6878:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt6878m_firmware:-::::::: OR cpe:2.3:h:mediatek:mt6878m:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt6879_firmware:-::::::: OR cpe:2.3:h:mediatek:mt6879:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt6880_firmware:-::::::: OR cpe:2.3:h:mediatek:mt6880:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt6883_firmware:-::::::: OR cpe:2.3:h:mediatek:mt6883:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt6885_firmware:-::::::: OR cpe:2.3:h:mediatek:mt6885:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt6886_firmware:-::::::: OR cpe:2.3:h:mediatek:mt6886:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt6889_firmware:-::::::: OR cpe:2.3:h:mediatek:mt6889:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt6890_firmware:-::::::: OR cpe:2.3:h:mediatek:mt6890:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt6891_firmware:-::::::: OR cpe:2.3:h:mediatek:mt6891:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt6893_firmware:-::::::: OR cpe:2.3:h:mediatek:mt6893:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt6895_firmware:-::::::: OR cpe:2.3:h:mediatek:mt6895:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt6895tt_firmware:-::::::: OR cpe:2.3:h:mediatek:mt6895tt:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt6896_firmware:-::::::: OR cpe:2.3:h:mediatek:mt6896:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt6897_firmware:-::::::: OR cpe:2.3:h:mediatek:mt6897:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt6899_firmware:-::::::: OR cpe:2.3:h:mediatek:mt6899:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt6980_firmware:-::::::: OR cpe:2.3:h:mediatek:mt6980:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt6980d_firmware:-::::::: OR cpe:2.3:h:mediatek:mt6980d:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt6983_firmware:-::::::: OR cpe:2.3:h:mediatek:mt6983:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt6983t_firmware:-::::::: OR cpe:2.3:h:mediatek:mt6983t:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt6985_firmware:-::::::: OR cpe:2.3:h:mediatek:mt6985:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt6985t_firmware:-::::::: OR cpe:2.3:h:mediatek:mt6985t:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt6989_firmware:-::::::: OR cpe:2.3:h:mediatek:mt6989:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt6989t_firmware:-::::::: OR cpe:2.3:h:mediatek:mt6989t:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt6990_firmware:-::::::: OR cpe:2.3:h:mediatek:mt6990:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt6991_firmware:-::::::: OR cpe:2.3:h:mediatek:mt6991:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt8668_firmware:-::::::: OR cpe:2.3:h:mediatek:mt8668:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt8673_firmware:-::::::: OR cpe:2.3:h:mediatek:mt8673:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt8675_firmware:-::::::: OR cpe:2.3:h:mediatek:mt8675:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt8676_firmware:-::::::: OR cpe:2.3:h:mediatek:mt8676:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt8678_firmware:-::::::: OR cpe:2.3:h:mediatek:mt8678:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt8755_firmware:-::::::: OR cpe:2.3:h:mediatek:mt8755:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt8771_firmware:-::::::: OR cpe:2.3:h:mediatek:mt8771:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt8775_firmware:-::::::: OR cpe:2.3:h:mediatek:mt8775:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt8791_firmware:-::::::: OR cpe:2.3:h:mediatek:mt8791:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt8791t_firmware:-::::::: OR cpe:2.3:h:mediatek:mt8791t:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt8792_firmware:-::::::: OR cpe:2.3:h:mediatek:mt8792:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt8793_firmware:-::::::: OR cpe:2.3:h:mediatek:mt8793:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt8795t_firmware:-::::::: OR cpe:2.3:h:mediatek:mt8795t:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt8797_firmware:-::::::: OR cpe:2.3:h:mediatek:mt8797:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt8798_firmware:-::::::: OR cpe:2.3:h:mediatek:mt8798:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt8863_firmware:-::::::: OR cpe:2.3:h:mediatek:mt8863:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt8873_firmware:-::::::: OR cpe:2.3:h:mediatek:mt8873:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt8883_firmware:-::::::: OR cpe:2.3:h:mediatek:mt8883:-:::::::*
Added	CPE Configuration	AND OR cpe:2.3:o:mediatek:mt8893_firmware:-::::::: OR cpe:2.3:h:mediatek:mt8893:-:::::::*
Added	Reference Type	MediaTek, Inc.: https://corp.mediatek.com/product-security-bulletin/April-2026 Types: Vendor Advisory

CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

Apr. 07, 2026

Action	Type	Old Value	New Value
Added	CVSS V3.1		AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Added	CWE		CWE-787

New CVE Received by [email protected]

Apr. 07, 2026

Action	Type	New Value
Added	Description	In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01088681; Issue ID: MSV-4460.
Added	CWE	CWE-787
Added	Reference	https://corp.mediatek.com/product-security-bulletin/April-2026

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.

CVE-2026-20433

Huawei Modem Out-of-Bounds Write Privilege Escalation

Description

INFO

April 7, 2026, 4:17 a.m.

April 10, 2026, 7:56 p.m.

No

[email protected]

Affected Products

CVSS Scores

Solution

References to Advisories, Solutions, and Tools

CWE - Common Weakness Enumeration

Common Attack Pattern Enumeration and Classification (CAPEC)

Initial Analysis by [email protected]

CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

New CVE Received by [email protected]

Vulnerability Scoring Details

Base CVSS Score: 8.8

Browse by Apps

CVE-2026-20433

Huawei Modem Out-of-Bounds Write Privilege Escalation

Description

INFO

April 7, 2026, 4:17 a.m.

April 10, 2026, 7:56 p.m.

No

[email protected]

Affected Products

CVSS Scores

Solution

References to Advisories, Solutions, and Tools

CWE - Common Weakness Enumeration

Common Attack Pattern Enumeration and Classification (CAPEC)

Initial Analysis by [email protected]

CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

New CVE Received by [email protected]

Vulnerability Scoring Details

Base CVSS Score: 8.8

Cookie Preferences