CVE-2026-20459
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk6th percentile — higher than 6% of all known CVEs
Summary
A vulnerability in the Modem component allows remote denial of service due to improper input validation. An attacker can cause a system crash by using a rogue base station without requiring user interaction.
Risk Assessment
The risk involves potential remote disruption of device operation without user interaction, leading to unavailability of communication services.
Recommendation
Apply the patch MOLY01816800 provided by the vendor immediately and avoid connecting to untrusted base stations.
Original NVD description (English source)
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01816800; Issue ID: MSV-6842.

