Google Confirms Active Exploitation of CVE-2026-21385 in Qualcomm Android Component

Google has confirmed that a high-severity vulnerability affecting a Qualcomm open-source component used in Android devices is being actively exploited in targeted attacks.

The flaw, tracked as CVE-2026-21385 with a CVSS score of 7.8, impacts the Graphics component and involves a buffer over-read issue that may lead to memory corruption.

Qualcomm Advisory and Technical Details

According to Qualcomm, the vulnerability stems from improper handling of user-supplied data without verifying available buffer space. The issue has been classified as an integer overflow, which can result in memory corruption during data processing.

The chipmaker stated that the flaw was reported by Google’s Android Security team on December 18, 2025. Device manufacturers were formally notified about the security issue on February 2, 2026.

Although technical specifics regarding the exploitation chain have not been publicly disclosed, Google acknowledged in its March 2026 Android Security Bulletin that there are indications of limited and targeted real-world exploitation.

March 2026 Android Security Update

The March 2026 Android security update addresses a total of 129 vulnerabilities across various system components.

Among them is a critical vulnerability in the System component, identified as CVE-2026-0006, which could allow remote code execution without requiring user interaction or additional privileges. This type of flaw significantly increases risk exposure because it can be triggered silently.

In comparison, Google addressed only one Android vulnerability in January 2026 and did not release any fixes in February.

Other Critical Vulnerabilities Patched

In addition to CVE-2026-21385, Google resolved multiple high-risk issues in the March update, including:

These vulnerabilities could potentially allow attackers to gain elevated permissions, disrupt services, or compromise device stability.

Dual Patch Levels for Android Partners

The Android security bulletin provides two separate patch levels dated 2026-03-01 and 2026-03-05. This approach gives Android ecosystem partners flexibility in addressing vulnerabilities across different hardware models and configurations.

The second patch level includes fixes for Kernel components and patches provided by third-party vendors such as Arm, Imagination Technologies, MediaTek, Qualcomm, and Unisoc.

Security Recommendations for Android Users

Given the confirmation of active exploitation, users are strongly advised to install the latest Android security updates as soon as they become available for their devices.

Organizations managing Android fleets should prioritize patch deployment and monitor for unusual device behavior that could indicate compromise.
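The two patch levels above matter for fleet triage: a device at 2026-03-01 has the framework fixes but not the vendor-supplied (Qualcomm and others) fixes that the bulletin places in the 2026-03-05 level. The following is an added example, not code from the article, Google, or Qualcomm; it assumes each device's `ro.build.version.security_patch` property (a real Android system property, readable with `adb shell getprop`) has been collected into a dictionary, and treats only the 2026-03-05 level as covering the Qualcomm component fix.

```python
"""Triage Android fleet patch levels against the March 2026 bulletin.

Assumption (not stated verbatim by the article): the CVE-2026-21385 fix
ships with the vendor patches the bulletin attributes to 2026-03-05, so
only devices at or above that level are treated as covered.
"""
from datetime import date

# The two patch levels published in the March 2026 Android bulletin.
FRAMEWORK_LEVEL = date(2026, 3, 1)  # framework/System fixes only
FULL_LEVEL = date(2026, 3, 5)       # adds kernel and vendor fixes (Qualcomm, Arm, ...)


def parse_patch_level(value: str) -> date:
    """Parse a YYYY-MM-DD patch string; raises ValueError when malformed."""
    return date.fromisoformat(value.strip())


def classify(patch_level: str) -> str:
    """Return 'full', 'framework-only', 'unpatched' or 'unknown' for one device."""
    try:
        level = parse_patch_level(patch_level)
    except ValueError:
        # Malformed or missing property: flag for manual follow-up, never assume patched.
        return "unknown"
    if level >= FULL_LEVEL:
        return "full"
    if level >= FRAMEWORK_LEVEL:
        return "framework-only"
    return "unpatched"


def triage(fleet: dict) -> dict:
    """Group device ids by status so the rollout can prioritise the non-'full' buckets."""
    result = {"full": [], "framework-only": [], "unpatched": [], "unknown": []}
    for device_id, level in fleet.items():
        result[classify(level)].append(device_id)
    return result


# Constructed sample inventory with hypothetical device ids and patch strings.
SAMPLE_FLEET = {
    "dev-a": "2026-03-05",   # carries vendor fixes: covered
    "dev-b": "2026-03-01",   # framework only: still exposed to the Qualcomm issue
    "dev-c": "2025-12-01",   # predates the bulletin entirely
    "dev-d": "n/a",          # property missing or unreadable
}

if __name__ == "__main__":
    for status, devices in triage(SAMPLE_FLEET).items():
        print(f"{status:15s} {', '.join(devices) or '-'}")
```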

The exploitation of CVE-2026-21385 underscores the ongoing security challenges in mobile ecosystems and highlights the importance of timely patch management in protecting against targeted cyber threats.
