CVE-2026-20460
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk7th percentile — higher than 7% of all known CVEs
Summary
In the Modem module, there is a vulnerability leading to information disclosure due to improper input validation. An attacker can remotely disclose information if the user equipment (UE) connects to a rogue base station controlled by the attacker. No additional execution privileges or user interaction are required for exploitation.
Risk Assessment
The risk involves potential remote leakage of sensitive data from the mobile device without user awareness, which could compromise privacy and communication security.
Recommendation
It is recommended to immediately apply patch MOLY01811421 provided by the vendor and avoid connecting to untrusted base stations.
Original NVD description (English source)
In Modem, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01811421; Issue ID: MSV-6788.

