CVE Catalog

CVE-2026-20460

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

7th percentile — higher than 7% of all known CVEs

Summary

In the Modem module, there is a vulnerability leading to information disclosure due to improper input validation. An attacker can remotely disclose information if the user equipment (UE) connects to a rogue base station controlled by the attacker. No additional execution privileges or user interaction are required for exploitation.

Risk Assessment

The risk involves potential remote leakage of sensitive data from the mobile device without user awareness, which could compromise privacy and communication security.

Recommendation

It is recommended to immediately apply patch MOLY01811421 provided by the vendor and avoid connecting to untrusted base stations.

Original NVD description (English source)

In Modem, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01811421; Issue ID: MSV-6788.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS