CVE-2026-20459: CWE-288 Authentication Bypass Using an Alternate Path or Channel in MediaTek, Inc. MediaTek chipset
A vulnerability in MediaTek chipsets allows a remote denial of service via system crash caused by improper input validation in the modem. Exploitation requires no user interaction and can occur if a user equipment connects to a rogue base station controlled by an attacker. Multiple MediaTek chipset models are affected. No official patch or remediation level has been confirmed yet.
AI Analysis
Technical Summary
CVE-2026-20459 is an authentication bypass vulnerability categorized under CWE-288 affecting various MediaTek chipset models. The issue arises from improper input validation in the modem component, which can cause a system crash leading to a remote denial of service. Exploitation does not require additional execution privileges or user interaction but requires the device to connect to a malicious base station controlled by an attacker. The vulnerability affects a wide range of MediaTek chipsets identified by specific model numbers. No CVSS score or official remediation guidance is currently available.
Potential Impact
Successful exploitation results in a remote denial of service condition by causing the modem system to crash. This can disrupt device connectivity and availability when connected to a rogue base station. There is no indication of privilege escalation or data compromise from the provided information.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or temporary workaround has been provided at this time.
CVE-2026-20459: CWE-288 Authentication Bypass Using an Alternate Path or Channel in MediaTek, Inc. MediaTek chipset
Description
A vulnerability in MediaTek chipsets allows a remote denial of service via system crash caused by improper input validation in the modem. Exploitation requires no user interaction and can occur if a user equipment connects to a rogue base station controlled by an attacker. Multiple MediaTek chipset models are affected. No official patch or remediation level has been confirmed yet.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-20459 is an authentication bypass vulnerability categorized under CWE-288 affecting various MediaTek chipset models. The issue arises from improper input validation in the modem component, which can cause a system crash leading to a remote denial of service. Exploitation does not require additional execution privileges or user interaction but requires the device to connect to a malicious base station controlled by an attacker. The vulnerability affects a wide range of MediaTek chipsets identified by specific model numbers. No CVSS score or official remediation guidance is currently available.
Potential Impact
Successful exploitation results in a remote denial of service condition by causing the modem system to crash. This can disrupt device connectivity and availability when connected to a rogue base station. There is no indication of privilege escalation or data compromise from the provided information.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or temporary workaround has been provided at this time.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- MediaTek
- Date Reserved
- 2025-11-03T01:30:59.014Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a448b4d27e9c79719e6c5e7
Added to database: 07/01/2026, 03:36:45 UTC
Last enriched: 07/01/2026, 03:52:13 UTC
Last updated: 07/01/2026, 04:12:15 UTC
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.