CVE-2026-20448
MEDIUMDescription
In geniezone, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10708513; Issue ID: MSV-6281.
Is your site exposed to CVE-2026-20448?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| mediatek | mt6765_firmware |
| mediatek | mt6765 |
| mediatek | mt6768_firmware |
| mediatek | mt6768 |
| mediatek | mt6789_firmware |
| mediatek | mt6789 |
| mediatek | mt6877_firmware |
| mediatek | mt6877 |
| mediatek | mt6897_firmware |
| mediatek | mt6897 |
| mediatek | mt6899_firmware |
| mediatek | mt6899 |
| mediatek | mt6989_firmware |
| mediatek | mt6989 |
| mediatek | mt6991_firmware |
| mediatek | mt6991 |
| mediatek | mt6993_firmware |
| mediatek | mt6993 |
| mediatek | mt8367_firmware |
| mediatek | mt8367 |
| mediatek | mt8766_firmware |
| mediatek | mt8766 |
| mediatek | mt8768_firmware |
| mediatek | mt8768 |
| mediatek | mt8775_firmware |
| mediatek | mt8775 |
| mediatek | mt8781_firmware |
| mediatek | mt8781 |
| mediatek | mt8786_firmware |
| mediatek | mt8786 |
| mediatek | mt8788e_firmware |
| mediatek | mt8788e |
| mediatek | mt8791t_firmware |
| mediatek | mt8791t |
| mediatek | mt8792_firmware |
| mediatek | mt8792 |
| mediatek | mt8793_firmware |
| mediatek | mt8793 |
| mediatek | mt8796_firmware |
| mediatek | mt8796 |
| mediatek | mt8893_firmware |
| mediatek | mt8893 |
| mediatek | mt8910_firmware |
| mediatek | mt8910 |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2026-20448? +
How severe is CVE-2026-20448? +
What products are affected by CVE-2026-20448? +
How do I check if I'm vulnerable to CVE-2026-20448? +
Related Vulnerabilities
LDAP filter injection vulnerability in Yandex Database prior to 25.3.1.25 allows a remote attacker with valid LDAP credentials to bypass …
An Improper Handling of Insufficient Permissions or Privileges vulnerability in scripts used in B&R APROL <4.4-00P5 may allow an authenticated …
When creating an export of all reusable media, the secrets of connected gift cards were included in the export even …
Improper Handling of Insufficient Permissions or Privileges vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: 2.8.0. Users are recommended …
Pixelfed is an open source photo sharing platform. When processing requests authorization was improperly and insufficiently checked, allowing attackers to …
An issue in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release(9736) allows a remote attacker to gain privileges via the system/config_menu.htm.