CVE-2026-20457
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk8th percentile — higher than 8% of all known CVEs
Summary
A vulnerability in the Modem component allows remote denial of service due to improper input validation. An attacker can cause a system crash by luring a UE to connect to a rogue base station.
Risk Assessment
The risk involves potential remote disruption of network services for users connected to a malicious base station, leading to communication outages and loss of availability.
Recommendation
Apply the vendor patch MOLY01826924 immediately and implement base station authentication mechanisms to mitigate the risk.
Original NVD description (English source)
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01826924; Issue ID: MSV-7301.

