CVE-2026-20435

Name of the Vulnerable Software and Affected Versions MediaTek chips (affected versions not specified)

Description A logic error in the preloader component allows the reading of device unique identifiers. This can lead to local information disclosure if an attacker has physical access to the device, without needing additional execution privileges or user interaction. Approximately 25% of Android devices are affected. The vulnerability allows for the extraction of wallet keys from devices within 45 seconds. The issue bypasses lock screens, encryption, and USB protections, even on powered-off devices, exposing IMEI, serial numbers, and cryptographic keys.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.