CVE-2026-20435

MEDIUM

Preloader - Info Disclosure

Title source: llm

Description

In preloader, there is a possible read of device unique identifiers due to a logic error. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS10607099; Issue ID: MSV-6118.

References (1)

[Various Sources] https://corp.mediatek.com/product-security-bulletin/March-2026

Scores

CVSS v3 4.6

EPSS 0.0001

EPSS Percentile 1.3%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-522

Status published

Products (50)

google/android 14.0

google/android 15.0

google/android 16.0

linuxfoundation/yocto 4.0

MediaTek, Inc./MediaTek chipset MT2737

MediaTek, Inc./MediaTek chipset MT6739

MediaTek, Inc./MediaTek chipset MT6761

MediaTek, Inc./MediaTek chipset MT6765

MediaTek, Inc./MediaTek chipset MT6768

MediaTek, Inc./MediaTek chipset MT6781

... and 40 more

Published Mar 02, 2026

Tracked Since Mar 02, 2026