CVE-2026-20456 | In wlan STA driver, there is a possible system crash due to … | CVSS 5.5 MEDIUM

Description

In wlan STA driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00480851; Issue ID: MSV-6338.

Metadata

CVE ID: CVE-2026-20456
State: PUBLISHED
Assigner: MediaTek
Reserved: 2025-11-03 01:30 UTC
Published: 2026-06-01 03:20 UTC
Last updated: 2026-06-01 11:07 UTC
Primary CWE: CWE-787
CWE-787 Out-of-bounds Write
Vendor / Product: MediaTek, Inc. / MediaTek chipset
Sources: cve.org · NVD

Severity & Metrics

5.5 MEDIUM CVSS 3.1

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
MediaTek, Inc.	MediaTek chipset	—	MT7902, MT7920, MT7921, MT7922 …

Weakness (CWE)

CWE	Source	Description
CWE-787	cna	CWE-787 Out-of-bounds Write

CVSS scores (1)

Score	Severity	Version	Source	Vector
5.5	MEDIUM	3.1	adp	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References (1)

https://corp.mediatek.com/product-security-bulletin/June-2026