A critical vulnerability in Android devices, identified as CVE-2026-20435, can be exploited to bypass the lock screen in under 60 seconds. The flaw affects Android phones built on certain MediaTek System-on-a-Chip (SoC) components that use Trustonic's Trusted Execution Environment (TEE), an estimated one in four Android devices, primarily budget models. Researchers demonstrated the vulnerability by connecting a vulnerable phone to a laptop via USB, gaining access to the device's PIN, decrypting its storage, and extracting sensitive information from software wallets (Malwarebytes Labs, 2026). The exploit is a significant security risk for users of affected devices. Because the disclosure expands the active attack surface, practitioners should prioritize mitigation based on their exposure and the available exploitation evidence. The severity of the flaw underscores the need for prompt patches and updates to prevent potential breaches.
This Android vulnerability can break your lock screen in under 60 seconds
⚠️ Critical Alert
Why This Matters
CVE-2026-20435 disclosure expands the active attack surface — prioritize based on your exposure and exploitation evidence.
References
- Malwarebytes Labs. (2026, March 12). This Android vulnerability can break your lock screen in under 60 seconds. *Malwarebytes*. https://www.malwarebytes.com/blog/news/2026/03/this-android-vulnerability-can-break-your-lock-screen-in-under-60-seconds