CVE-2026-20421 is an out-of-bounds read vulnerability (CWE-125) found in the modem firmware of multiple MediaTek chipsets, including MT2735, MT6833, MT6853, MT6855, MT6873, MT6875, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, and MT8791. The root cause is improper input validation within the modem component that processes data received from cellular base stations. An attacker who controls a rogue base station can send specially crafted signals or data to a user equipment (UE) device using these chipsets. This triggers an out-of-bounds read condition, leading to a system crash and denial of service. The vulnerability does not require any privileges or user interaction, making it remotely exploitable once the device connects to the malicious base station. The CVSS v3.1 base score is 6.5, reflecting medium severity, with the attack vector being adjacent network (cellular network), low attack complexity, no privileges required, no user interaction, and impact limited to availability (system crash). No confidentiality or integrity impacts are reported. MediaTek has assigned patch ID MOLY01738293 to address this issue. No known exploits have been observed in the wild to date. This vulnerability primarily affects mobile devices and IoT equipment using the specified MediaTek chipsets, which are widely deployed in smartphones and embedded systems globally.

The primary impact of CVE-2026-20421 is a remote denial of service condition that can cause affected devices to crash or become unresponsive. This can disrupt mobile communications, affecting voice, data, and IoT services relying on these chipsets. For end users, this may manifest as dropped calls, loss of connectivity, or device reboots. For organizations, especially those deploying large fleets of mobile or IoT devices with MediaTek chipsets, this could lead to operational disruptions, degraded service availability, and potential safety risks if critical communication devices are affected. Attackers with the capability to operate rogue base stations could selectively target devices in specific locations or networks, causing localized outages. While the vulnerability does not allow code execution or data compromise, the availability impact can be significant in environments where continuous connectivity is critical, such as emergency services, industrial control systems, or telematics. The lack of required user interaction and privileges lowers the barrier for exploitation, increasing the risk in hostile environments.

To mitigate CVE-2026-20421, organizations and device manufacturers should promptly apply the official patch MOLY01738293 provided by MediaTek. Network operators should monitor for and mitigate rogue base stations within their coverage areas using advanced detection and prevention systems. Device firmware should be updated regularly to incorporate security patches and improvements. Implementing network-level protections such as mutual authentication between base stations and devices can reduce the risk of rogue base station attacks. For high-risk deployments, consider deploying devices with chipset versions not affected by this vulnerability or with additional security hardening. Security teams should also educate users about the risks of connecting to unknown cellular networks, although user interaction is not required for exploitation. Continuous monitoring for unusual device behavior or connectivity issues can help detect potential exploitation attempts. Collaboration with telecom providers to enhance base station authentication protocols may provide longer-term mitigation against similar threats.