CVE-2026-20404 — Vulnetix

CVE-2026-20404 PUBLISHED CVSS 7.5 HIGH

In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.

EPSS 0.03% · 8.6th percentile

Risk Scores

CVSS 3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.03%

8.6th percentile

Affected Products

Vendor	Product	Versions
Unisoc (Shanghai) Technologies Co., Ltd.	T7300/T8100/T9100/T8200/T8300	*

Exploit Intelligence

https://www.unisoc.com/en/support/announcement/2030931350138310657 (circl)
CIRCL seen: CVE-2025-61612 (circl-sighting)
CVE-2026-20404-MediaTek-modem-remote-DoS-rogue-base-station-scenario- (cve.org)

Timeline

Feb 2, 2026 EPSS Score
Feb 2, 2026 CVE Published
Feb 4, 2026 EPSS Score
Feb 7, 2026 EPSS Score
Feb 9, 2026 EPSS Score
Feb 11, 2026 EPSS Score
Feb 14, 2026 EPSS Score
Feb 16, 2026 EPSS Score
Feb 18, 2026 EPSS Score
Feb 20, 2026 EPSS Score
Feb 23, 2026 EPSS Score
Feb 25, 2026 EPSS Score

References

https://source.android.com/docs/security/bulletin/2026/2026-03-01?hl=fr advisory
https://www.unisoc.com/en/support/announcement/2030931350138310657 url

Open in Interactive Console →