CVE-2026-20452
HIGHDescription
In wlan AP driver, there is a possible memory corruption due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00480138; Issue ID: MSV-6295.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| mediatek | mt6890_firmware |
| mediatek | mt6890 |
| mediatek | mt7615_firmware |
| mediatek | mt7615 |
| mediatek | mt7915_firmware |
| mediatek | mt7915 |
| mediatek | mt7916_firmware |
| mediatek | mt7916 |
| mediatek | mt7981_firmware |
| mediatek | mt7981 |
| mediatek | mt7986_firmware |
| mediatek | mt7986 |
| mediatek | mt7990_firmware |
| mediatek | mt7990 |
| mediatek | mt7992_firmware |
| mediatek | mt7992 |
| mediatek | mt7993_firmware |
| mediatek | mt7993 |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2026-20452? +
How severe is CVE-2026-20452? +
What products are affected by CVE-2026-20452? +
How do I check if I'm vulnerable to CVE-2026-20452? +
Related Vulnerabilities
vifm is vulnerable to a heap buffer overflow during the history merge process when saving the state file (vifminfo.json). This …
A heap buffer overflow vulnerability exists in the Jansi JNI "ioctl()" wrapper due to a lack of size verification for …
A type confusion vulnerability in Qt SVG allows an attacker to cause an application crash via a crafted SVG image. …
Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from …
Heap-based Buffer Overflow vulnerability in iniparser_dumpsection_ini() in iniparser allows attacker to read out of bound memory
There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownImporter. This requires an incorrectly formatted markdown file to be passed to …