CVE-2026-20406 – This vulnerability allows remote denial of serv... (How to Fix)

Q: What is the severity of CVE-2026-20406?

CVE-2026-20406 has a CVSS score of 7.5 (HIGH). This vulnerability allows remote denial of service attacks against devices with affected MediaTek modems. An attacker can crash the system by connecting a device to a rogue base station, requiring no user interaction or special privileges. This affects mobile devices and IoT products using vulnerable MediaTek modem chipsets.

📋 TL;DR

This vulnerability allows remote denial of service attacks against devices with affected MediaTek modems. An attacker can crash the system by connecting a device to a rogue base station, requiring no user interaction or special privileges. This affects mobile devices and IoT products using vulnerable MediaTek modem chipsets.

💻 Affected Systems

Products:

MediaTek modem chipsets

Versions: Specific versions not specified in CVE, but pre-patch versions affected

Operating Systems: Android, Linux-based IoT systems

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices connecting to cellular networks with vulnerable modem firmware

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system crash requiring physical reboot, potentially disrupting critical communications and services on affected devices.

🟠

Likely Case

Temporary service disruption on mobile devices, dropped calls, and loss of data connectivity until system recovers.

🟢

If Mitigated

Minimal impact with proper network segmentation and base station authentication controls in place.

🌐 Internet-Facing: HIGH

🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Requires setting up rogue base station but no authentication needed for exploitation

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patch ID: MOLY01726634

Vendor Advisory: https://corp.mediatek.com/product-security-bulletin/February-2026

Restart Required: Yes

Instructions:

1. Contact device manufacturer for firmware updates 2. Apply modem firmware patch MOLY01726634 3. Reboot device after patch installation

🔧 Temporary Workarounds

Disable automatic network selection

all

Manually select trusted network operators to prevent connection to rogue base stations

Enable base station authentication

all

Configure devices to require base station authentication where supported

🧯 If You Can't Patch

Isolate affected devices from untrusted cellular networks
Implement network monitoring for unusual base station connections

🔍 How to Verify

Check if Vulnerable:

Check modem firmware version against vendor patch information

Check Version:

Device-specific modem firmware check commands vary by manufacturer

Verify Fix Applied:

Verify patch MOLY01726634 is applied in modem firmware version

📡 Detection & Monitoring

Log Indicators:

Modem crash logs
Unexpected base station handoffs
System reboot events

Network Indicators:

Connections to unknown base station IDs
Unusual cellular network behavior

SIEM Query:

search 'modem crash' OR 'base station' AND 'unexpected'

📊 Metadata

CVE ID: CVE-2026-20406

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-770

Published: February 2, 2026

Last Updated: February 4, 2026

🤖 AI-assisted analysis, reviewed for accuracy

🔗 References

https://corp.mediatek.com/product-security-bulletin/February-2026 Vendor Advisory