CVE Catalog

CVE-2026-20462

MediumCVSS 6.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.11%

2th percentile — higher than 2% of all known CVEs

Summary

A memory corruption vulnerability due to a heap buffer overflow has been discovered in Telephony. This could lead to local escalation of privilege if an attacker already has System privileges. User interaction is not required for exploitation.

Risk Assessment

The risk involves potential privilege escalation by a local attacker, which could lead to full device compromise and access to sensitive data.

Recommendation

It is recommended to immediately apply patch ALPS11006447 provided by the vendor and keep Telephony software updated regularly.

Original NVD description (English source)

In Telephony, there is a possible memory corruption due to a heap buffer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS11006447; Issue ID: MSV-7871.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS