cbcvebase.
CVE-2026-21385
published 2026-03-02

CVE-2026-21385: Memory corruption while using alignments for memory allocation.

PriorityP185high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2026-03-24
Exploited in the wild
EPSS
1.07%
60.6th percentile
Memory corruption while using alignments for memory allocation.

Affected

235 ranges· showing 25
VendorProductVersion rangeFixed in
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon
qualcomm_incsnapdragon

Detection & IOCsextracted from sources · hover to see the quote

  • CVE-2026-21385 is a memory corruption vulnerability in Qualcomm GPU/chipset components triggered via alignment handling during memory allocation; monitor for crashes or unexpected process termination in GPU-related processes on Android devices with affected Qualcomm chipsets.
  • CVE-2026-21385 has been confirmed as actively exploited in limited, targeted attacks (added to CISA KEV); prioritize detection and patching on Android devices using any of the 234–235 affected Qualcomm chipsets.
  • Exploitation pattern is consistent with commercial spyware or nation-state operations targeting high-profile individuals; correlate CVE-2026-21385 exploitation attempts with spyware-related indicators on targeted Android devices.
  • Apply the Android 2026-03-05 security patch level (or later) to remediate CVE-2026-21385; devices not yet at this patch level should be treated as potentially vulnerable and monitored for exploitation indicators.
  • ·Affected scope is broad: 234–235 Qualcomm chipsets across Android phones, tablets, and IoT devices are affected; patch availability depends on individual OEM/vendor timelines, not just Google's patch release.
  • ·Google Pixel devices receive patches immediately, but other Android vendors typically take longer to validate and distribute updates for their specific hardware configurations.
  • ·Qualcomm's own February advisory had not yet flagged CVE-2026-21385 as exploited in attacks at time of reporting, despite active exploitation being confirmed by Google TAG and CISA.

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vulncheck7.8HIGH
cisa7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.