CVE-2026-20420 is a vulnerability classified as CWE-125 (out-of-bounds read) found in the modem firmware of various MediaTek chipsets. The flaw arises from incorrect error handling within the modem, which can be triggered remotely when a user equipment (UE) device connects to a malicious or rogue base station controlled by an attacker. This causes the modem to perform an out-of-bounds read operation, leading to a system crash and resulting in a denial of service condition. The vulnerability does not require any privileges or user interaction, making it easier to exploit in targeted scenarios. The affected chipsets include a broad range of MediaTek models (MT2735 through MT8791 series), which are widely deployed in smartphones and IoT devices globally. Although no public exploits have been reported, the vulnerability poses a risk to device availability, potentially disrupting communications. MediaTek has released a patch identified as MOLY01738313 to address this issue. The CVSS v3.1 score of 6.5 reflects a medium severity level, with attack vector as adjacent network, low attack complexity, no privileges required, no user interaction, and impact limited to availability. This vulnerability highlights risks associated with rogue base stations and the importance of robust modem firmware error handling.

The primary impact of CVE-2026-20420 is a remote denial of service on devices using affected MediaTek chipsets. This can disrupt mobile communications, causing devices to crash or become unresponsive when connecting to rogue base stations. For organizations, this can lead to operational disruptions, especially in environments relying on mobile connectivity for critical functions such as field operations, emergency services, or IoT deployments. The inability to maintain stable network connections can affect productivity and safety. While confidentiality and integrity are not directly impacted, the loss of availability can have cascading effects on business continuity. The broad range of affected chipsets means a large number of consumer and enterprise devices worldwide are potentially vulnerable. Attackers with access to rogue base stations could selectively target devices in specific locations or organizations, increasing the threat to high-value targets. The lack of required privileges or user interaction lowers the barrier for exploitation, increasing risk in hostile environments.

Organizations and device users should promptly apply the official MediaTek patch MOLY01738313 to affected devices to remediate the vulnerability. Network operators and security teams should monitor for and mitigate rogue base stations within their coverage areas using radio frequency monitoring tools and anomaly detection systems. Deploying network-level protections such as base station authentication and secure network protocols can reduce exposure. Device manufacturers and integrators should ensure firmware updates are delivered securely and promptly to end users. For critical deployments, consider using devices with chipsets not affected by this vulnerability or that have been patched. Network segmentation and limiting device exposure to untrusted networks can further reduce risk. Security teams should also educate users about the risks of connecting to unknown or suspicious cellular networks. Continuous monitoring for unusual device behavior indicative of denial of service conditions can enable faster incident response.