CVE-2026-20423

Out-of-Bounds Write in Mediatek WLAN STA Driver Leads to Local Privilege Escalation

Description

In wlan STA driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00465314; Issue ID: MSV-4956.

INFO

Published Date :

2026-03-02T08:37:41.026Z

Last Modified :

2026-03-30T13:05:18.799Z

Source :

MediaTek

AFFECTED PRODUCTS

The following products are affected by CVE-2026-20423 vulnerability.

Vendors	Products
Mediatek	Mt7902 Mt7920 Mt7921 Mt7922 Mt7925 Mt7927 Nbiot Sdk

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-20423.

URL	Resource
https://corp.mediatek.com/product-security-bulletin/March-2026

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact