Android Devices Hit by Exploited Qualcomm Flaw CVE-2026-21385
In a recent update, Google has confirmed that the Qualcomm Android vulnerability CVE-2026-21385 was exploited in real-world attacks. This high-severity vulnerability affects an open-source Qualcomm component used in various Android devices and could allow attackers to access sensitive memory data.
The flaw is a buffer over-read in the Graphics component, which could lead to memory corruption while using alignments for memory allocation. Qualcomm received a report about CVE-2026-21385 from Google's Android Security team on December 18, 2025, and notified customers on February 2, 2026. Although Google has not shared technical details, it has acknowledged signs of limited, targeted exploitation.
In response to this vulnerability, the March 2026 Android update fixes over 129 vulnerabilities, including the critical CVE-2026-0006, which allows remote code execution without user interaction or additional privileges. This highlights the ongoing risks faced by Android users and the importance of keeping their devices up-to-date with the latest security patches.
In this article, we will delve into the details of CVE-2026-21385 and its impact on Android devices. We'll also explore the steps you can take to protect yourself from this vulnerability and provide guidance on how to keep your device secure.
The Vulnerability: Understanding CVE-2026-21385
CVE-2026-21385 is a buffer over-read in the Graphics component, which could allow attackers to access sensitive memory data. This vulnerability has a high-severity score of 7.8, indicating that it poses a significant risk to Android users.
The vulnerability was reported by Google's Android Security team on December 18, 2025, and notified customers on February 2, 2026. Although Google has not shared technical details about the attacks exploiting this vulnerability, it has acknowledged signs of limited, targeted exploitation.
How Did This Vulnerability Get Exploited?
The exact method used to exploit CVE-2026-21385 is not publicly known. However, it's believed that attackers took advantage of the buffer over-read in the Graphics component to access sensitive memory data. This could potentially allow attackers to execute malicious code on the device.
Google has confirmed that there are indications that CVE-2026-21385 may be under limited, targeted exploitation. This suggests that the vulnerability is being actively exploited by attackers, but the number of affected devices and the scope of the attack are unclear.
What Can You Do to Protect Yourself?
To protect yourself from CVE-2026-21385, it's essential to keep your device up-to-date with the latest security patches. Google has released the March 2026 Android update, which fixes over 129 vulnerabilities, including CVE-2026-0006.
In addition to keeping your device updated, you should also be cautious when interacting with unknown sources or clicking on suspicious links. Malware and phishing attacks can compromise your device's security and put you at risk of falling victim to exploitation.
Conclusion
CVE-2026-21385 highlights the ongoing risks faced by Android users and the importance of keeping their devices up-to-date with the latest security patches. By taking proactive steps to protect yourself from this vulnerability, you can minimize your risk of falling victim to exploitation.
Remember to regularly check for updates on your device and stay informed about the latest cybersecurity threats. With awareness and caution, you can keep your device secure and prevent potential attacks like CVE-2026-21385.
Follow us on Twitter: @securityaffairs and Facebook and Mastodon