CVE-2026-20403: CWE-787 Out-of-bounds Write in MediaTek, Inc. MT2735, MT2737, MT6813, MT6815, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6877, MT6878, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6896, MT6897, MT6899, MT6980, MT6983, MT6985, MT6989, MT6990, MT6991, MT6993, MT8673, MT8675, MT8676, MT8771, MT8791, MT8791T, MT8795T, MT8797, MT8798, MT8893
In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689254 (Note: For N15 and NR16) / MOLY01689259 (Note: For NR17 and NR17R); Issue ID: MSV-4843.
AI Analysis
Technical Summary
CVE-2026-20403 is a vulnerability classified under CWE-787 (Out-of-bounds Write) affecting a wide range of MediaTek modem chipsets, including models MT2735, MT2737, MT6813, MT6815, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6877, MT6878, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6896, MT6897, MT6899, MT6980, MT6983, MT6985, MT6989, MT6990, MT6991, MT6993, MT8673, MT8675, MT8676, MT8771, MT8791, MT8791T, MT8795T, MT8797, MT8798, and MT8893. The vulnerability stems from a missing bounds check in the modem firmware's handling of certain inputs, which can lead to an out-of-bounds write condition. This flaw can cause the modem system to crash, resulting in a denial of service condition. The attack vector requires that the user equipment (UE) connects to a rogue base station controlled by an attacker, but no additional privileges or user interaction are necessary, making exploitation relatively straightforward in a targeted environment. The affected modem versions include NR15, NR16, NR17, and NR17R. The CVSS v3.1 base score is 6.5, reflecting a medium severity with an attack vector of adjacent network (AV:A), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), no impact on confidentiality or integrity (C:N/I:N), but high impact on availability (A:H). MediaTek has released patches identified as MOLY01689254 and MOLY01689259 to address this issue. No known exploits have been reported in the wild as of the publication date. The vulnerability primarily threatens the availability of devices using these modems, potentially disrupting mobile communications or connected services relying on these chipsets.
Potential Impact
For European organizations, the primary impact of CVE-2026-20403 is the potential for remote denial of service on devices using affected MediaTek modems. This can disrupt mobile communications, IoT devices, and critical infrastructure relying on cellular connectivity. Telecommunications providers using equipment with these chipsets could face service outages or degraded network performance if attackers deploy rogue base stations to exploit this flaw. Enterprises relying on mobile broadband for operations or remote connectivity may experience interruptions, impacting business continuity. The lack of required user interaction or privileges lowers the barrier for exploitation, increasing risk in environments where rogue base stations can be deployed, such as urban areas or near critical infrastructure. While confidentiality and integrity are not directly impacted, availability degradation can have cascading effects on operational technology, emergency services, and customer-facing applications. The absence of known exploits provides a window for proactive patching, but the widespread use of MediaTek modems in consumer and industrial devices means the attack surface is significant.
Mitigation Recommendations
Organizations should prioritize applying the patches released by MediaTek (MOLY01689254 for NR15/NR16 and MOLY01689259 for NR17/NR17R) as soon as possible to eliminate the vulnerability. Network operators should monitor for rogue base stations and implement detection mechanisms such as anomaly-based intrusion detection systems and radio frequency monitoring to identify unauthorized cellular infrastructure. Deploying network access control and authentication mechanisms can reduce the risk of devices connecting to malicious base stations. Device manufacturers and integrators should ensure firmware updates are distributed promptly to end users and embedded device operators. For critical infrastructure, consider deploying redundant communication paths and failover mechanisms to maintain availability in case of modem failure. Security teams should also educate users about the risks of connecting to unknown or suspicious networks and implement policies restricting connections to trusted cellular networks. Continuous monitoring of device health and connectivity status can help detect early signs of exploitation or service degradation.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Sweden, Belgium, Finland
Technical Details
- Data Version: 5.2
- Assigner Short Name: MediaTek
- Date Reserved: 2025-11-03T01:30:59.007Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 69806092f9fa50a62f0b3f6d
Added to database: 2/2/2026, 8:30:10 AM
Last enriched: 2/18/2026, 8:56:39 AM
Last updated: 3/25/2026, 3:10:28 AM