Reference material — not professional advice. Test in staging, back up first, verify against your specific version. Use your own judgment for your environment.
● High · CVSS 7.5

How to Fix CVE-2026-20434: MediaTek chipset (Bundle Sibling)

By Sai Kiran Pandrala. Last verified: 2026-05-25.

CVE-2026-20434 is a sibling vulnerability in the same vendor advisory as CVE-2026-20416. Apply the same patched build and you close both. The technical detail below is what differs.

⚡ At a glance
Severity7.5 (High)
Actively exploited?No public listing in CISA KEV
AffectedMediaTek chipset MT2735; MediaTek chipset MT2737; MediaTek chipset MT6739; MediaTek chipset MT6761; MediaTek chipset MT6762; MediaTek chipset MT6762D; MediaTek chipset MT6762M; MediaTek chipset MT6763; MediaTek chipset MT6765; MediaTek chipset MT6765T; MediaTek chipset MT6767; MediaTek chipset MT6768; MediaTek chipset MT6769; MediaTek chipset MT6769K; MediaTek chipset MT6769S; MediaTek chipset MT6769T; MediaTek chipset MT6769Z; MediaTek chipset MT6771; MediaTek chipset MT6779; MediaTek chipset MT6781; MediaTek chipset MT6783; MediaTek chipset MT6785; MediaTek chipset MT6785T; MediaTek chipset MT6785U; MediaTek chipset MT6789; MediaTek chipset MT6833; MediaTek chipset MT6833P; MediaTek chipset MT6835; MediaTek chipset MT6835T; MediaTek chipset MT6853; MediaTek chipset MT6853T; MediaTek chipset MT6855; MediaTek chipset MT6855T; MediaTek chipset MT6873; MediaTek chipset MT6875; MediaTek chipset MT6875T; MediaTek chipset MT6877; MediaTek chipset MT6877T; MediaTek chipset MT6877TT; MediaTek chipset MT6878; MediaTek chipset MT6878M; MediaTek chipset MT6879; MediaTek chipset MT6880; MediaTek chipset MT6883; MediaTek chipset MT6885; MediaTek chipset MT6886; MediaTek chipset MT6889; MediaTek chipset MT6890; MediaTek chipset MT6891; MediaTek chipset MT6893; MediaTek chipset MT6895; MediaTek chipset MT6895TT; MediaTek chipset MT6896; MediaTek chipset MT6897; MediaTek chipset MT6899; MediaTek chipset MT6980; MediaTek chipset MT6980D; MediaTek chipset MT6983; MediaTek chipset MT6983T; MediaTek chipset MT6985; MediaTek chipset MT6985T; MediaTek chipset MT6989; MediaTek chipset MT6989T; MediaTek chipset MT6990; MediaTek chipset MT6991; MediaTek chipset MT8666; MediaTek chipset MT8667; MediaTek chipset MT8668; MediaTek chipset MT8673; MediaTek chipset MT8675; MediaTek chipset MT8676; MediaTek chipset MT8678; MediaTek chipset MT8755; MediaTek chipset MT8765; MediaTek chipset MT8766; MediaTek chipset MT8766R; MediaTek chipset MT8768; MediaTek chipset MT8771; MediaTek chipset MT8781; MediaTek chipset MT8786; MediaTek chipset MT8788; MediaTek chipset MT8788E; MediaTek chipset MT8789; MediaTek chipset MT8791; MediaTek chipset MT8791T; MediaTek chipset MT8792; MediaTek chipset MT8793; MediaTek chipset MT8795T; MediaTek chipset MT8797; MediaTek chipset MT8798; MediaTek chipset MT8863; MediaTek chipset MT8873; MediaTek chipset MT8883; MediaTek chipset MT8893
Fixed inSame patched build as CVE-2026-20416
Type (CWE)CWE-787 Out-of-bounds Write

What's different about CVE-2026-20434?

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY00782946; Issue ID: MSV-4135.

How to fix CVE-2026-20434

Apply the patched build per the primary write-up: How to Fix CVE-2026-20416. All commands, verification steps, and rollback notes for MediaTek chipset are listed there.

Frequently asked questions

Does the CVE-2026-20416 patch close CVE-2026-20434?

Yes. Both CVEs are addressed by the same vendor patch. Applying the patched build closes the full bundle.

Is CVE-2026-20434 listed in CISA KEV?

No public KEV listing at the time of this writing.

Where is the official advisory?

See https://corp.mediatek.com/product-security-bulletin/March-2026

References

*Written by Sai Kiran Pandrala. Part of the MediaTek chipset bundle. Full procedure at how-to-fix-cve-2026-20416.*