CVE-2026-20441

CVE-2026-20441

Vendor Mediatek, Inc.

Product MediaTek chipset

Weakness CWE-787

Published March 2, 2026

Last update March 30, 2026

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

In MAE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10432500; Issue ID: MSV-5803.

Key dates

02Disclosure timeline

March 2, 2026 CVE published

March 30, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-20441 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/787.html

Related vulnerabilities

Identifiers

CVE CVE-2026-20441

CWE CWE-787

Affected versions

Vendor Mediatek, Inc.

Product MediaTek chipset

Affected MT2718

Vendor Mediatek, Inc.

Product MediaTek chipset

Affected MT6899

Vendor Mediatek, Inc.

Product MediaTek chipset

Affected MT6991

Vendor Mediatek, Inc.

Product MediaTek chipset

Affected MT8678

Vendor Mediatek, Inc.

Product MediaTek chipset

Affected MT8793

01Description

02Disclosure timeline

03References

04Related CVE