CVE-2026-20462
MediumCVSS 6.7Exploitation Probability (EPSS)
Low risk2th percentile — higher than 2% of all known CVEs
Summary
A memory corruption vulnerability due to a heap buffer overflow has been discovered in Telephony. This could lead to local escalation of privilege if an attacker already has System privileges. User interaction is not required for exploitation.
Risk Assessment
The risk involves potential privilege escalation by a local attacker, which could lead to full device compromise and access to sensitive data.
Recommendation
It is recommended to immediately apply patch ALPS11006447 provided by the vendor and keep Telephony software updated regularly.
Original NVD description (English source)
In Telephony, there is a possible memory corruption due to a heap buffer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS11006447; Issue ID: MSV-7871.

