CVE-2026-20435

MEDIUM 4.6

CVSS Score

4.6

EPSS Score

0.0%

EPSS Percentile

1th

In preloader, there is a possible read of device unique identifiers due to a logic error. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS10607099; Issue ID: MSV-6118.

CWE	CWE-522
Vendor	mediatek, inc.
Product	mediatek chipset
Published	Mar 2, 2026
Last Updated	Mar 30, 2026

Stay Ahead of the Next One

Get instant alerts for mediatek, inc. mediatek chipset

Be the first to know when new medium vulnerabilities affecting mediatek, inc. mediatek chipset are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

MediaTek, Inc. / MediaTek chipset

MT2737 MT6739 MT6761 MT6765 MT6768 MT6781 MT6789 MT6813 MT6833 MT6853 MT6855 MT6877 MT6878 MT6879 MT6880 MT6885 MT6886 MT6890 MT6893 MT6895 MT6897 MT6983 MT6985 MT6989 MT6990 MT6993 MT8169 MT8186 MT8188 MT8370 MT8390 MT8676 MT8678 MT8696 MT8793

References

NVD ↗ CVE.org ↗ EPSS Data ↗

corp.mediatek.com: https://corp.mediatek.com/product-security-bulletin/March-2026