CVE-2026-20438 PUBLISHED

Assigner: MediaTek
Reserved: 03.11.2025 Published: 02.03.2026 Updated: 02.03.2026

In MAE, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431920; Issue ID: MSV-5835.

Product Status

Vendor	MediaTek, Inc.
Product	MT2718, MT6899, MT6991, MT8168, MT8169, MT8186, MT8188, MT8678, MT8695, MT8696, MT8793
Versions	Version Android 15.0 is affected

References

https://corp.mediatek.com/product-security-bulletin/March-2026

Problem Types

CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition CWE