CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Mar 24, 2026
Description
Multiple Qualcomm chipsets contain a memory corruption vulnerability while using alignments for memory allocation.
EPSS — Exploit Probability
Higher than 59.2% of all CVEs
Required Action
https://source.android.com/docs/security/bulletin/2026/2026-03-01 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21385
Related Articles (4)
⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware
Your weekly cybersecurity roundup covering the latest threats, exploits, vulnerabilities, and security news you need to know.
Mar 9, 2026
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
Mar 3, 2026
Qualcomm Zero-Day Exploited in Targeted Android Attacks
The exploitation activity against CVE-2026-21385, a high-severity memory corruption flaw, could be tied to commercial spyware or nation-state threat groups.
Mar 3, 2026
Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited
Google’s March 2026 Android update patches 129 vulnerabilities, including exploited Qualcomm flaw CVE-2026-21385 and critical RCE CVE-2026-0006.
Mar 3, 2026
Risk Assessment
ELEVATEDDetails
- Severity
- High
- EPSS
- 0.4%
- CISA KEV
- Yes
- Ransomware
- Unknown
- Articles
- 4
Timeline
Published
Mar 3, 2026
Added to KEV
Mar 3, 2026
Remediation Due
Mar 24, 2026