{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-20447", "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "state": "PUBLISHED", "assignerShortName": "MediaTek", "dateReserved": "2025-11-03T01:30:59.013Z", "datePublished": "2026-05-04T05:41:51.218Z", "dateUpdated": "2026-05-05T03:56:08.477Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "shortName": "MediaTek", "dateUpdated": "2026-05-04T05:41:51.218Z"}, "descriptions": [{"lang": "en", "value": "In geniezone, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10724073; Issue ID: MSV-6296."}], "affected": [{"vendor": "MediaTek, Inc.", "product": "MediaTek chipset", "defaultStatus": "unaffected", "versions": [{"version": "MT6768", "status": "affected"}, {"version": "MT6789", "status": "affected"}, {"version": "MT6877", "status": "affected"}, {"version": "MT6899", "status": "affected"}, {"version": "MT6989", "status": "affected"}, {"version": "MT6991", "status": "affected"}, {"version": "MT6993", "status": "affected"}, {"version": "MT8196", "status": "affected"}, {"version": "MT8367", "status": "affected"}, {"version": "MT8766", "status": "affected"}, {"version": "MT8768", "status": "affected"}, {"version": "MT8781", "status": "affected"}, {"version": "MT8786", "status": "affected"}, {"version": "MT8788E", "status": "affected"}, {"version": "MT8791T", "status": "affected"}, {"version": "MT8793", "status": "affected"}, {"version": "MT8910", "status": "affected"}]}], "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/May-2026"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}], "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-05-04T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-20447"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-05T03:56:08.477Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-20447", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-05-04T12:56:21.561872Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-04T12:56:18.683Z"}}], "cna": {"affected": [{"vendor": "MediaTek, Inc.", "product": "MediaTek chipset", "versions": [{"status": "affected", "version": "MT6768"}, {"status": "affected", "version": "MT6789"}, {"status": "affected", "version": "MT6877"}, {"status": "affected", "version": "MT6899"}, {"status": "affected", "version": "MT6989"}, {"status": "affected", "version": "MT6991"}, {"status": "affected", "version": "MT6993"}, {"status": "affected", "version": "MT8196"}, {"status": "affected", "version": "MT8367"}, {"status": "affected", "version": "MT8766"}, {"status": "affected", "version": "MT8768"}, {"status": "affected", "version": "MT8781"}, {"status": "affected", "version": "MT8786"}, {"status": "affected", "version": "MT8788E"}, {"status": "affected", "version": "MT8791T"}, {"status": "affected", "version": "MT8793"}, {"status": "affected", "version": "MT8910"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/May-2026"}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "In geniezone, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10724073; Issue ID: MSV-6296."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "shortName": "MediaTek", "dateUpdated": "2026-05-04T05:41:51.218Z"}}}, "cveMetadata": {"cveId": "CVE-2026-20447", "state": "PUBLISHED", "dateUpdated": "2026-05-05T03:56:08.477Z", "dateReserved": "2025-11-03T01:30:59.013Z", "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "datePublished": "2026-05-04T05:41:51.218Z", "assignerShortName": "MediaTek"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mediatek:mt6768_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "16EF9082-FC9B-4790-A79D-AA62C62E4B88", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", "matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mediatek:mt6789_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "524AB96D-4C15-47A6-B276-6B873796E8F3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mediatek:mt6877_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "07F67D59-75F0-4056-BCCE-F7888912CAB3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mediatek:mt6899_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "BEBA484A-EC07-4D3D-80CD-BDE9E7807F71", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt6899:-:*:*:*:*:*:*:*", "matchCriteriaId": "C6E9F80F-9AC9-41E0-BB14-9DB6F14B62CD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mediatek:mt6989_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "E495B8EB-C9B5-4F32-AEE2-D2C41C0B292B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD7DE6B2-66D9-4A3E-B15F-D56505559255", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mediatek:mt6991_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D9DD2119-39E8-4A9C-8E2A-8FB7F92A1001", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt6991:-:*:*:*:*:*:*:*", "matchCriteriaId": "CBBB30DF-E963-4940-B742-F6801F68C3FC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mediatek:mt6993_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FAEB2240-FF37-4CBE-BBEF-8A8281153646", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt6993:-:*:*:*:*:*:*:*", "matchCriteriaId": "57E92BE0-5E65-4770-8E1A-0E5D07A38164", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mediatek:mt8196_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "EE7B4BD3-A945-4C45-8E76-CEE2ADE2001E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt8196:-:*:*:*:*:*:*:*", "matchCriteriaId": "FB0C4D80-28BC-4C4D-B522-AD9EC5222A2E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mediatek:mt8367_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "32C24935-B6E6-4923-B81C-D29BBEED2B3C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt8367:-:*:*:*:*:*:*:*", "matchCriteriaId": "A28FA947-314F-465B-8ADD-F7973F02D82A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mediatek:mt8766_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "215862D7-BF3D-4955-BCFF-48778190EEB5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", "matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mediatek:mt8768_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "303069C6-F031-4176-9465-46F4134BB423", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", "matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mediatek:mt8781_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7E2280E5-F903-4541-8404-9F789CEFF172", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mediatek:mt8786_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "88A514F4-3EAF-45FB-8736-4A015E4DEB4E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mediatek:mt8788e_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "65B4F295-BF35-4A71-8567-CB1B367D80E9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt8788e:-:*:*:*:*:*:*:*", "matchCriteriaId": "CEDF887A-1862-4336-ABFC-371838E1D029", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mediatek:mt8791t_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6D15A887-AC6B-4458-8355-8505742F4FC2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", "matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mediatek:mt8793_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "42C2F52D-C49C-4AFF-B6FA-FFA82EF96142", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt8793:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FBD3487-F8CE-406C-8BD7-DD57FF8CD60B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mediatek:mt8910_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "A05E635E-9559-4899-A7BA-A74EB6501D1C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt8910:-:*:*:*:*:*:*:*", "matchCriteriaId": "8C81BC81-1358-4005-8D35-92428D052A65", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In geniezone, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10724073; Issue ID: MSV-6296."}], "id": "CVE-2026-20447", "lastModified": "2026-05-07T12:43:25.100", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-05-04T07:15:58.450", "references": [{"source": "security@mediatek.com", "tags": ["Vendor Advisory"], "url": "https://corp.mediatek.com/product-security-bulletin/May-2026"}], "sourceIdentifier": "security@mediatek.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "security@mediatek.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "MT6768"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "MT6789"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "MT6877"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "MT6899"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "MT6989"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "MT6991"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "MT6993"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "MT8196"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "MT8367"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "MT8766"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "MT8768"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "MT8781"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "MT8786"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "MT8788E"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "MT8791T"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "MT8793"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "MT8910"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "MediaTek chipset", "source": "cna", "vendor": "MediaTek, Inc."}, "product": "mediatek_chipset", "vendor": "mediatek,_inc."}], "created": "2026-05-04T07:30:40.196190+00:00", "updated": "2026-05-04T15:15:03.046337+00:00", "vendors": ["mediatek,_inc.", "mediatek,_inc.$PRODUCT$mediatek_chipset"]}