Published on March 3, 2026

Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited


Severity

High

Detail

Google has released its March 2026 Android Security Bulletin, delivering patches for 129 security vulnerabilities — among them an actively exploited zero-day in a Qualcomm display/graphics component affecting a wide range of Android devices.

CVE-2026-21385
  Vulnerability type: Buffer Over-Read
  Impact: Occurs when user-supplied data causes an integer overflow or wraparound, leading to memory.
  CVSS score: 7.8

CVE-2026-0006
  Vulnerability type: Remote Code Execution
  Impact: Critical remote code execution flaw in the System component, exploitable without additional privileges or user interaction.
  CVSS score: 9.8

The zero-day tracked as CVE-2026-21385 is a memory-safety flaw in a Qualcomm graphics/display subcomponent built into many Android devices: user-supplied data triggers an integer overflow or wraparound, and the resulting out-of-bounds access (listed above as a buffer over-read) leads to memory corruption.

According to Qualcomm’s own security advisory, the flaw:

  • It affects hundreds of Qualcomm chipsets used in mobile, automotive, XR and other platforms.
  • It was reported to Qualcomm by Google's Android Security team in December 2025, and customers were notified in February 2026.

Google’s March bulletin warns there are “indications that CVE-2026-21385 may be under limited, targeted exploitation,” though the company has not disclosed detailed public information about the methods or victims.

While Google has not released technical exploit details, broad reporting indicates:

  • Exploitation is targeted but ongoing in real-world attacks.
  • Memory corruption in graphics/display drivers can be used to bypass security protections and, when chained with other issues, to fully compromise the device.
  • The flaw is exploited locally rather than over the network, for example by a malicious app already installed on the device; successful exploitation could yield privilege escalation and further compromise.

In addition to CVE-2026-21385, the Android March 2026 Security Bulletin also patches:

  • Remote Code Execution vulnerabilities in the System/Media Codecs components, exploitable without user interaction.
  • Multiple Privilege Escalation flaws in the Framework and Kernel.
  • DoS and information disclosure vulnerabilities across system components.

The update represents one of the largest monthly Android patch rollouts in recent years, underscoring both the volume of issues and the importance of timely updates.

Recommendation

The March 2026 Android Security Bulletin addresses an unusually large set of vulnerabilities — 129 in total, including a zero-day actively exploited in the wild (CVE-2026-21385) and several other critical bugs that can lead to remote code execution or privilege escalation.

Given the real-world exploitation risk and the role of Qualcomm components in many Android devices, users and organizations should treat this update as a high priority and ensure patches are applied without delay.

The March 2026 update is delivered in two security patch levels:

  • 2026-03-01: core Android platform (framework and system) fixes.
  • 2026-03-05: everything in 2026-03-01 plus patches for closed-source, third-party and hardware-specific components such as chipset drivers, including the Qualcomm fixes.

Important:

  • Google Pixel devices receive the update directly from Google and are typically first to get it.
  • Other manufacturers may take longer to integrate and distribute the update because of hardware and firmware integration testing.

To mitigate the risk posed by these vulnerabilities — especially the actively exploited CVE-2026-21385 zero-day — users and administrators should:

  1. Apply the latest Android security update as soon as it is offered for your device; the 2026-03-05 patch level is the one that carries the Qualcomm fix.
  2. Confirm in device settings that the reported Android security patch level is 2026-03-05 or later (2026-03-01 alone does not include the chipset fixes).
  3. Prioritize devices with Qualcomm chipsets, since the zero-day affects a broad range of Snapdragon platforms.
  4. In enterprises, feed the patch level into mobile device management (MDM) compliance policies and enforce timely update deployment.
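The patch-level check in steps 2 and 3 can be scripted against devices attached over adb. The script below is an added example, not code from the bulletin, Google or Qualcomm. It assumes adb is on PATH for the live scan and relies on the standard system properties ro.build.version.security_patch (the patch level as YYYY-MM-DD) and, for SoC identification, ro.soc.manufacturer with ro.hardware and ro.board.platform as fallbacks; vendors may leave any of these unset, which the script treats conservatively. The getprop output embedded in it is a constructed sample, not a capture from a real device.

```shell
#!/bin/sh
# Added example (not from the bulletin, Google or Qualcomm): audits Android
# devices for the March 2026 patch level and flags Qualcomm-based devices.
# Assumptions: adb is on PATH for the live scan; the property names below are
# the standard ones (ro.build.version.security_patch holds the level as
# YYYY-MM-DD; ro.soc.manufacturer, ro.hardware and ro.board.platform identify
# the SoC on most devices, but vendors are free to leave them unset).

REQUIRED_PATCH_LEVEL="2026-03-05"   # the level that carries the Qualcomm fixes

# patch_level_ok LEVEL [REQUIRED]
# Exit 0 if LEVEL (YYYY-MM-DD) is on or after REQUIRED, 1 otherwise.
# An empty or malformed LEVEL is treated as not patched.
patch_level_ok() {
    level=$1
    required=${2:-$REQUIRED_PATCH_LEVEL}
    case "$level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 1 ;;
    esac
    # Dropping the dashes turns both dates into YYYYMMDD integers, which
    # order exactly as the dates do.
    [ "$(printf '%s' "$level" | sed 's/-//g')" -ge \
      "$(printf '%s' "$required" | sed 's/-//g')" ]
}

# prop NAME  (getprop output on stdin)
# Extracts the value of property NAME from `getprop` output, which prints
# one "[name]: [value]" line per property.
prop() {
    sed -n "s/^\[$1\]: \[\(.*\)\]\$/\1/p"
}

# is_qualcomm SOC-STRING
# Exit 0 if the SoC identifier carries a Qualcomm marker (qualcomm/qcom/qti).
is_qualcomm() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        *qualcomm*|*qcom*|*qti*) return 0 ;;
        *) return 1 ;;
    esac
}

# assess_props  (getprop output on stdin)
# Prints "<patch-level> <soc> <verdict>", where verdict is one of
#   OK                  patched to REQUIRED_PATCH_LEVEL or later
#   UNPATCHED-QUALCOMM  unpatched and on a Qualcomm SoC (highest priority)
#   UNPATCHED           unpatched, other or unknown SoC
# Exit 0 when patched, 1 otherwise, so it can be used in shell conditions.
assess_props() {
    props=$(cat)
    level=$(printf '%s\n' "$props" | prop ro.build.version.security_patch)
    soc=$(printf '%s\n' "$props" | prop ro.soc.manufacturer)
    [ -n "$soc" ] || soc=$(printf '%s\n' "$props" | prop ro.hardware)
    [ -n "$soc" ] || soc=$(printf '%s\n' "$props" | prop ro.board.platform)
    [ -n "$soc" ] || soc=unknown

    if patch_level_ok "$level"; then
        verdict=OK; status=0
    elif is_qualcomm "$soc"; then
        verdict=UNPATCHED-QUALCOMM; status=1
    else
        verdict=UNPATCHED; status=1
    fi
    printf '%s %s %s\n' "${level:-none}" "$soc" "$verdict"
    return $status
}

# scan_devices
# Runs the assessment against every device adb reports as "device".
# Output, one line per device: "<serial> <patch-level> <soc> <verdict>".
scan_devices() {
    adb devices | sed -n 's/^\([^[:space:]]*\)[[:space:]]*device$/\1/p' |
    while read -r serial; do
        # tr strips the CR that older adb builds append to shell output.
        result=$(adb -s "$serial" shell getprop | tr -d '\r' | assess_props) || true
        printf '%s %s\n' "$serial" "$result"
    done
}

# Constructed sample (not captured from a real device) showing the input
# shape: a Snapdragon device still on the February 2026 level.
SAMPLE_PROPS='[ro.build.version.security_patch]: [2026-02-05]
[ro.soc.manufacturer]: [QTI]
[ro.board.platform]: [kalama]'

if [ "${1:-}" = "--scan" ]; then
    scan_devices
else
    printf '%s\n' "$SAMPLE_PROPS" | assess_props || :
fi
```

Run with --scan to audit every attached device; without arguments it evaluates the constructed sample and prints "2026-02-05 QTI UNPATCHED-QUALCOMM". Because ISO dates order numerically once the dashes are removed, no date library is needed, and a missing or malformed patch level counts as unpatched, which is the safe default for an MDM compliance rule.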

Source

https://thehackernews.com/2026/03/google-confirms-cve-2026-21385-in.html

https://www.bleepingcomputer.com/news/security/google-patches-android-zero-day-actively-exploited-in-attacks