CVE-2026-20433 | MediaTek MT8893 Base Station out-of-bounds write (MSV-4460)

A vulnerability identified as critical has been detected in MediaTek MT2735, MT2737, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8668, MT8673, MT8675, MT8676, MT8678, MT8755, MT8771, MT8775, MT8791, MT8791T, MT8792, MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883 and MT8893. Affected by this vulnerability is an unknown functionality of the component Base Station Handler. Performing a manipulation results in out-of-bounds write.

This vulnerability is reported as CVE-2026-20433. The attack is possible to be carried out remotely. No exploit exists.

To fix this issue, it is recommended to deploy a patch.

CVE-2026-20433 | MediaTek MT8893 Base Station out-of-bounds write (MSV-4460)

Post correlati

CVE-2024-53134 | Linux Kernel up to 6.6.62/6.11.9 pmdomain onecell_data.num_domains denial of service (8fc228ab5d38/201fb9e164a1/f7c7c5aa5563)

CVE-2026-1233 | mvirik Text to Speech Plugin up to 1.9.8 on WordPress Mementor_TTS_Remote_Telemetry hard-coded credentials

CVE-2024-10668 | Google Nearby Quickshare unrestricted upload

CVE-2025-6779 | Axis AXIS OS up to 12.6.39 ACAP Configuration File permission assignment