← back
CVE-2026-20446

CVE-2026-20446

CVSS 4.3 MEDIUMEPSS 0.2%CWE-190CWE-787
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.3EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
07 Apr 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In sec boot, there is a possible out of bounds write due to an integer overflow. This could lead to local denial of service, if an attacker has physical access to the device, with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09963054; Issue ID: MSV-3899.
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected products
MediaTek, Inc. · MediaTek chipset

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://corp.mediatek.com/product-security-bulletin/April-2026