MediaTek Preloader Local Info Disclosure via UID Exposure
CVE-2026-20435 Published on March 2, 2026
In preloader, there is a possible read of device unique identifiers due to a logic error. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS10607099; Issue ID: MSV-6118.
Vulnerability Analysis
CVE-2026-20435 can be exploited with physical access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Weakness Type
Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Products Associated with CVE-2026-20435
Want to know whenever a new CVE is published for MediaTek products? stack.watch will email you.
Affected Versions
MediaTek, Inc. MediaTek chipset:- Version MT2737 is affected.
- Version MT6739 is affected.
- Version MT6761 is affected.
- Version MT6765 is affected.
- Version MT6768 is affected.
- Version MT6781 is affected.
- Version MT6789 is affected.
- Version MT6813 is affected.
- Version MT6833 is affected.
- Version MT6853 is affected.
- Version MT6855 is affected.
- Version MT6877 is affected.
- Version MT6878 is affected.
- Version MT6879 is affected.
- Version MT6880 is affected.
- Version MT6885 is affected.
- Version MT6886 is affected.
- Version MT6890 is affected.
- Version MT6893 is affected.
- Version MT6895 is affected.
- Version MT6897 is affected.
- Version MT6983 is affected.
- Version MT6985 is affected.
- Version MT6989 is affected.
- Version MT6990 is affected.
- Version MT6993 is affected.
- Version MT8169 is affected.
- Version MT8186 is affected.
- Version MT8188 is affected.
- Version MT8370 is affected.
- Version MT8390 is affected.
- Version MT8676 is affected.
- Version MT8678 is affected.
- Version MT8696 is affected.
- Version MT8793 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.