
CVE-2026-20420: CWE-125 Out-of-bounds Read in MediaTek, Inc. MT2735, MT2737, MT6813, MT6815, MT6833, MT6835, MT6853, MT6855, MT6858, MT6873, MT6875, MT6877, MT6878, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6896, MT6897, MT6899, MT6980, MT6983, MT6985, MT6986, MT6989, MT6990, MT6991, MT6993, MT8676, MT8791

High
Vulnerability, CVE-2026-20420; tags: cve, cve-2026-20420, cwe-125
Published: Mon Feb 02 2026 (02/02/2026, 08:14:32 UTC)
Source: CVE Database V5
Vendor/Project: MediaTek, Inc.
Product: MT2735, MT2737, MT6813, MT6815, MT6833, MT6835, MT6853, MT6855, MT6858, MT6873, MT6875, MT6877, MT6878, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6896, MT6897, MT6899, MT6980, MT6983, MT6985, MT6986, MT6989, MT6990, MT6991, MT6993, MT8676, MT8791

Description

In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01738313; Issue ID: MSV-5935.

AI-Powered Analysis

Last updated: 02/02/2026, 08:45:05 UTC

Technical Analysis

CVE-2026-20420 is a vulnerability classified as CWE-125 (out-of-bounds read) affecting the MediaTek modem chipsets listed under Product above. It stems from incorrect error handling within the modem firmware, which can trigger an out-of-bounds read. The read can crash the modem, resulting in a denial of service (DoS) condition. Affected modem firmware versions include NR15, NR16, NR17, and NR17R.

The attack requires the user equipment (UE) to connect to a rogue base station controlled by the attacker, but it needs no additional execution privileges and no user interaction, so exploitation is feasible remotely and stealthily. Operating a rogue base station implies a sophisticated adversary capable of setting up such infrastructure, as is often seen in targeted attacks or advanced persistent threats (APTs). The vulnerability was publicly disclosed in early 2026, and no exploits are currently known to have been observed in the wild.

The issue is significant because modems are critical components in mobile devices, and a crash can disrupt cellular connectivity, impacting voice, data, and emergency communications. The affected MediaTek chipsets are commonly used in smartphones, IoT devices, and embedded systems. The root cause is a memory safety issue, a common and serious class of bugs that can lead to system instability or crashes.

No CVSS score has been assigned, so severity has to be assessed from the impact and exploitability factors above. The description cites Patch ID MOLY01738313 and Issue ID MSV-5935, but the availability of fixed firmware for specific devices is not stated; vendors typically release firmware updates to address such flaws.

Potential Impact

For European organizations, the primary impact of CVE-2026-20420 is the potential for remote denial of service on devices using affected MediaTek modems. This can disrupt mobile communications, affecting business operations reliant on cellular connectivity, including remote work, mobile payments, IoT device management, and emergency services. Telecommunications providers could see network instability or increased support costs due to affected user devices. Critical infrastructure relying on cellular networks, such as utilities or transportation systems, may experience service degradation or outages. The vulnerability could be exploited to target specific users or groups by deploying rogue base stations in strategic locations, potentially causing localized service denial. Since no user interaction or elevated privileges are required, the attack surface is broad, increasing risk for mobile users across sectors. The disruption could also undermine trust in mobile network reliability and impact compliance with regulations requiring service availability. Although no data confidentiality or integrity compromise is indicated, the availability impact alone can have cascading effects on business continuity and safety-critical applications. Organizations with large deployments of MediaTek-based devices or those operating in sensitive environments should prioritize mitigation to avoid operational disruptions.

Mitigation Recommendations

1. Apply firmware updates from MediaTek or device manufacturers as soon as patches addressing CVE-2026-20420 become available.
2. Implement network-level detection and blocking of rogue base stations using advanced radio frequency monitoring tools and anomaly detection systems.
3. Employ mobile device management (MDM) solutions to enforce timely updates and monitor device health status.
4. Educate users and IT staff about the risks of connecting to untrusted cellular networks and encourage the use of VPNs or secure communication channels where possible.
5. Collaborate with mobile network operators to enhance base station authentication and integrity verification mechanisms to reduce rogue base station risks.
6. For critical infrastructure, consider multi-path communication strategies that do not rely solely on cellular connectivity to maintain availability.
7. Monitor security advisories from MediaTek and related vendors for updates and additional mitigation guidance.
8. Conduct penetration testing and red team exercises simulating rogue base station attacks to assess organizational resilience.
9. Restrict physical access to areas where rogue base stations could be deployed and increase surveillance in sensitive locations.
10. Integrate modem vulnerability scanning into regular security assessments of mobile and IoT devices.


Technical Details

Data Version: 5.2
Assigner Short Name: MediaTek
Date Reserved: 2025-11-03T01:30:59.010Z
CVSS Version: null
State: PUBLISHED

Threat ID: 69806094f9fa50a62f0b3fd7

Added to database: 2/2/2026, 8:30:12 AM

Last enriched: 2/2/2026, 8:45:05 AM

Last updated: 2/7/2026, 12:34:40 AM
