Qualcomm Zero-Day Exploited in Targeted Android Attacks
The exploitation activity against CVE-2026-21385, a high-severity memory corruption flaw, could be tied to commercial spyware or nation-state threat groups.
Multiple Qualcomm chipsets contain a memory corruption vulnerability while using alignments for memory allocation.
Qualcomm ยท Multiple Chipsets
Known ransomware use: Unknown
Follow the source advisory and validate exposure in your environment.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Recent reporting that mentions CVE-2026-21385.
The exploitation activity against CVE-2026-21385, a high-severity memory corruption flaw, could be tied to commercial spyware or nation-state threat groups.
Google on Monday disclosed that a high-severity security flaw impacting an open-source Qualcomm component used in Android devices has been exploited in the wild