CVE-2026-20414

In imgsys, there is a possible escalation of privilege due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10362999; Issue ID: MSV-5625.

CVSS v3 6.7 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://corp.mediatek.com/product-security-bulletin/February-2026	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*

OR	cpe:2.3:h:mediatek:mt6897:-:::::::*
	cpe:2.3:h:mediatek:mt6989:-:::::::*
	cpe:2.3:h:mediatek:mt8196:-:::::::*
	cpe:2.3:h:mediatek:mt8678:-:::::::*
	cpe:2.3:h:mediatek:mt8766:-:::::::*
	cpe:2.3:h:mediatek:mt8768:-:::::::*
	cpe:2.3:h:mediatek:mt8786:-:::::::*
	cpe:2.3:h:mediatek:mt8796:-:::::::*

History

03 Feb 2026, 21:54

Type	Values Removed	Values Added
CPE		cpe:2.3:h:mediatek:mt6989:-:::::::* cpe:2.3:h:mediatek:mt8196:-:::::::* cpe:2.3:h:mediatek:mt8796:-:::::::* cpe:2.3:o:google:android:15.0:::::::* cpe:2.3:h:mediatek:mt8768:-:::::::* cpe:2.3:h:mediatek:mt6897:-:::::::* cpe:2.3:h:mediatek:mt8678:-:::::::* cpe:2.3:h:mediatek:mt8786:-:::::::* cpe:2.3:h:mediatek:mt8766:-:::::::*
References	~~() https://corp.mediatek.com/product-security-bulletin/February-2026 -~~	() https://corp.mediatek.com/product-security-bulletin/February-2026 - Vendor Advisory
First Time		Mediatek mt8196 Mediatek mt8786 Mediatek mt6989 Google Mediatek mt8796 Google android Mediatek mt8768 Mediatek mt8766 Mediatek mt8678 Mediatek Mediatek mt6897

Information

Published : 2026-02-02 09:15

Updated : 2026-02-03 21:54

NVD link : CVE-2026-20414

Mitre link : CVE-2026-20414

CVE.ORG link : CVE-2026-20414

JSON object : View

Products Affected

mediatek

mt8196
mt8786
mt6897
mt8796
mt6989
mt8678
mt8766
mt8768

google

android

CWE

CWE-416

Use After Free

{"id": "CVE-2026-20414", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}]}, "published": "2026-02-02T09:15:56.457", "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/February-2026", "tags": ["Vendor Advisory"], "source": "security@mediatek.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@mediatek.com", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "In imgsys, there is a possible escalation of privilege due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10362999; Issue ID: MSV-5625."}], "lastModified": "2026-02-03T21:54:32.993", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8538774C-906D-4B03-A3E7-FA7A55E0DA9E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2A7D8055-F4B6-41EE-A078-11D56285AB66"}, {"criteria": "cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AD7DE6B2-66D9-4A3E-B15F-D56505559255"}, {"criteria": "cpe:2.3:h:mediatek:mt8196:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FB0C4D80-28BC-4C4D-B522-AD9EC5222A2E"}, {"criteria": "cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "152A5F3D-8004-4649-BDB1-E6F0798AF1CB"}, {"criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF"}, {"criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA"}, {"criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6"}, {"criteria": "cpe:2.3:h:mediatek:mt8796:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DE933AD9-3A6F-421B-8AB3-C45F8DEA9548"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security@mediatek.com"}