CVE Catalog

CVE-2026-20457

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

8th percentile — higher than 8% of all known CVEs

Summary

A vulnerability in the Modem component allows remote denial of service due to improper input validation. An attacker can cause a system crash by luring a UE to connect to a rogue base station.

Risk Assessment

The risk involves potential remote disruption of network services for users connected to a malicious base station, leading to communication outages and loss of availability.

Recommendation

Apply the vendor patch MOLY01826924 immediately and implement base station authentication mechanisms to mitigate the risk.

Original NVD description (English source)

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01826924; Issue ID: MSV-7301.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS