CVE-2026-20435

CVE-2026-20435

Vendor Mediatek, Inc.
Product MediaTek chipset
Weakness CWE-522 · Insufficiently protected credentials
Published March 2, 2026
Last update March 30, 2026

CVSS base score

What the vulnerability does

01Description

In preloader, there is a possible read of device unique identifiers due to a logic error. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS10607099; Issue ID: MSV-6118.

Key dates

02Disclosure timeline

March 2, 2026 CVE published
March 30, 2026 Record updated