CVE-2026-21385

Name of the Vulnerable Software and Affected Versions Qualcomm Android components versions prior to 2026-03-05

Description A high-severity memory corruption issue exists in Qualcomm graphics components used in Android devices. The vulnerability, identified as CVE-2026-21385, is an integer overflow that can lead to memory corruption during memory allocation. This flaw is actively being exploited in targeted attacks. The vulnerability affects over 234 Qualcomm chipsets and has been observed in the wild. The issue is related to the Graphics subcomponent and may allow local attackers to cause memory damage and potentially execute malicious code. The vulnerability is confirmed to be under limited, targeted exploitation.

Recommendations Update devices to Android patch level 2026-03-05 or later to address this vulnerability.