Back to overview

CVE-2026-20463

MEDIUM
6.7
CVSS 3.1
Description
In Modem, there is a possible escalation of privilege due to a permissions bypass. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: MOLY01716533; Issue ID: MSV-6309.

Metadata

CVE ID
CVE-2026-20463
State
PUBLISHED
Assigner
MediaTek
Reserved
2025-11-03 01:30 UTC
Published
2026-07-01 03:14 UTC
Last updated
2026-07-02 03:55 UTC
Primary CWE
CWE-280
CWE-280 Improper Handling of Insufficient Permissions or Pri…
Vendor / Product
MediaTek, Inc. / MediaTek chipset
Sources
cve.org  ·  NVD

Severity & Metrics

6.7 MEDIUM CVSS 3.1
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
SSVC — CISA Coordinator
Exploitation
none
Automatable
no
Tech. Impact
total
Affected products (1)
VendorProductPlatformVersions
MediaTek, Inc. MediaTek chipset MT2716, MT2735, MT2737, MT6739 …
Weakness (CWE)
CWESourceDescription
CWE-280 cna CWE-280 Improper Handling of Insufficient Permissions or Privileges
CVSS scores (1)
ScoreSeverityVersionSourceVector
6.7 MEDIUM 3.1 adp CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Back to overview