CVE Catalog

CVE-2026-20458

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

10th percentile — higher than 10% of all known CVEs

Summary

In the Modem module, a possible memory corruption due to a missing bounds check could lead to remote escalation of privilege if a UE connects to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not required for exploitation.

Risk Assessment

The risk involves potential remote takeover of the device by an attacker impersonating a legitimate base station, which could compromise data confidentiality, integrity, and network availability.

Recommendation

It is recommended to immediately apply the patch identified as MOLY01402160 and update the modem software to the latest version to eliminate the memory corruption vulnerability.

Original NVD description (English source)

In Modem, there is a possible memory corruption due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01402160; Issue ID: MSV-7298.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS