If your phone uses certain MediaTek chipsets, or runs Android 14 to 16, it could be vulnerable.
The issue also hits some other platforms like OpenWrt and Yocto.

MediaTek issued a patch identified as ALPS10607099; the company provided the fix to OEMs in early January 2026.
Phone makers now need to push these updates to keep users safe.
An official CVSS v3.1 score of 4.6 (Medium) has been reported; other severity metrics may still be pending, but updating as soon as possible is the smart move.