Local Priv Esc in MediaTek WLAN STA Driver via OOB Write
CVE-2026-20423 Published on March 2, 2026
In wlan STA driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00465314; Issue ID: MSV-4956.
Vulnerability Analysis
CVE-2026-20423 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
Exposed Dangerous Method or Function
The software provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.
Affected Versions
MediaTek, Inc. MediaTek chipset:- Version MT7902 is affected.
- Version MT7920 is affected.
- Version MT7921 is affected.
- Version MT7922 is affected.
- Version MT7925 is affected.
- Version MT7927 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.