CVE-2026-21385

high

Description

Memory corruption while using alignments for memory allocation.

References

Exploits
More

https://www.malwarebytes.com/blog/news/2026/03/high-severity-qualcomm-bug-hits-android-devices-in-targeted-attacks

https://securityaffairs.com/188887/security/u-s-cisa-adds-qualcomm-and-broadcom-vmware-aria-operations-flaws-to-its-known-exploited-vulnerabilities-catalog.html

https://www.securityweek.com/android-update-patches-exploited-qualcomm-zero-day/

https://www.helpnetsecurity.com/2026/03/03/android-march-2026-security-patch-cve-2026-21385/

https://www.darkreading.com/threat-intelligence/qualcomm-zero-day-exploited-targeted-android-attacks

https://www.cisa.gov/news-events/alerts/2026/03/03/cisa-adds-two-known-exploited-vulnerabilities-catalog

https://www.bleepingcomputer.com/news/security/google-patches-android-zero-day-actively-exploited-in-attacks/

https://thehackernews.com/2026/03/google-confirms-cve-2026-21385-in.html

https://securityaffairs.com/188823/security/android-devices-hit-by-exploited-qualcomm-flaw-cve-2026-21385.html

https://cyberscoop.com/android-security-update-march-2026/

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21385

https://source.android.com/docs/security/bulletin/2026/2026-03-01

https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2026-bulletin.html

Details

Source: Mitre, NVD

Published: 2026-03-02

Updated: 2026-03-04

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00015