CVE-2026-21385 - Vulnerability Analysis
High | CVSS: 7.8 | Last Updated: March 4, 2026
Overview
Memory corruption while using alignments for memory allocation.
References
- https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit
- https://source.android.com/docs/security/bulletin/2026/2026-03-01
- https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2026-bulletin.html
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21385
Social Media Activity (6 posts)
Google notifying Android user of high-severity vuln CVE-2026-21385 and March 2026 security update might work better if that link the "AI Mode" #slopgenerator did not link to December 2025 bulletin.
The exploitation activity against CVE-2026-21385, a high-severity memory corruption flaw, could be tied to commercial spyware or nation-state threat groups. https://www.darkreading.com/threat-intelligence/qualcomm-zero-day-exploited-targeted-android-attacks
🚨 [CISA-2026:0303] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0303) CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. ⚠️ CVE-2026-21385 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-21385) - Name: Qualcomm Multiple Chipsets Memory Corruption Vulnerability - Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. - Known To Be Used in Ransomware Campaigns? Unknown - Vendor: Qualcomm - Product: Multiple Chipsets - Notes: https://source.android.com/docs/security/bulletin/2026/2026-03-01 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21385 ⚠️ CVE-2026-22719 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-22719) - Name: Broadcom VMware Aria Operations Command Injection Vulnerability - Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. - Known To Be Used in Ransomware Campaigns? Unknown - Vendor: Broadcom - Product: VMware Aria Operations - Notes: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 ; https://knowledge.broadcom.com/external/article/430349 ; https://nvd.nist.gov/vuln/detail/CVE-2026-22719 #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260303 #cisa20260303 #cve_2026_21385 #cve_2026_22719 #cve202621385 #cve202622719
CVE ID: CVE-2026-21385 Vendor: Qualcomm Product: Multiple Chipsets Date Added: 2026-03-03 Notes: https://source.android.com/docs/security/bulletin/2026/2026-03-01 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21385 CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2026-21385
Android updates for March 2026, an already exploited zero-day fixed: what to do right away. Google has released the March 2026 Android Security Bulletin, the largest of the year: 129 vulnerabilities fixed, one of which, CVE-2026-21385... 🔗️ [Cybersecurity360] https://link.is.it/AC1JZ9
Google confirms that the Qualcomm Android vulnerability CVE-2026-21385 was exploited in real-world attacks. #CVE_2026_21385 https://securityaffairs.com/188823/security/android-devices-hit-by-exploited-qualcomm-flaw-cve-2026-21385.html
GitHub Repositories (1 repo)
Details
- CVE ID: CVE-2026-21385
- Severity: High
- CVSS Score: 7.8
- Status: confirmed
- EPSS: 34.1%
- Social Posts: 6
CWE
- CWE-190
CVSS Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H