VDB
CVE-2026-20409
CVE-2026-20409
PUBLISHED
CVSS 8.600000381469727 HIGH
In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10363246; Issue ID: MSV-5779.
EPSS 0.00% · 0.1th percentile
Risk Scores
CVSS v4.0
8.600000381469727
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.00%
0.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| android | 15.0, 15.0 | |
| MediaTek, Inc. | MT6897 | ALPS10315038 |
| MediaTek, Inc. | MediaTek chipset | MT6897, MT6989 |
| MediaTek, Inc. | MT6989 | ALPS10315038 |
Timeline
- Feb 2, 2026 EPSS Score
- Feb 2, 2026 CVE Published
- Feb 3, 2026 PoC Published
- Feb 4, 2026 EPSS Score
- Feb 7, 2026 EPSS Score
- Feb 9, 2026 EPSS Score
- Feb 11, 2026 EPSS Score
- Feb 13, 2026 EPSS Score
- Feb 16, 2026 EPSS Score
- Feb 18, 2026 EPSS Score
- Feb 20, 2026 EPSS Score
- Feb 22, 2026 EPSS Score