CVE Catalog

CVE-2026-20461

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

8th percentile — higher than 8% of all known CVEs

Summary

In the Modem module, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote denial of service if a UE connects to a rogue base station controlled by the attacker. No additional execution privileges or user interaction are needed for exploitation.

Risk Assessment

The risk is a potential remote denial of service (DoS) by forcing the device to connect to a rogue base station, which can disrupt communication and impact service availability.

Recommendation

It is recommended to immediately apply patches MOLY01267281 / MOLY01318201 and update the modem software to the latest version.

Original NVD description (English source)

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01267281 / MOLY01318201; Issue ID: MSV-6486.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS