CVE-2026-21385

Integer Overflow or Wraparound in Graphics

CVSS 7.8 HIGHEPSS 1.1%● KEVCWE-190

Vexday Risk Score

51Attention

SSVC decision (CISA)

Act

Exploitation + impact → act immediately

CVSS 7.8EPSS 1.1%KEV simPoC —Nuclei —Metasploit —Patch —

Lifecycle

02 Mar 2026Published on NVD

03 Mar 2026Active exploitation (CISA KEV)

Recommendation: Patch as soon as possible — active exploitation confirmed.

In short

A flaw in how graphics memory is allocated can cause it to overflow, corrupting data in memory. This can lead to crashes or allow attackers to execute malicious code.

Technical detail

Integer overflow in memory alignment calculations during graphics buffer allocation allows heap corruption. Attack vector requires processing specially crafted graphical input; impact includes code execution or denial of service depending on memory layout and application context.

Summary generated and translated by AI from the official description.

Memory corruption while using alignments for memory allocation.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Qualcomm, Inc. · Snapdragon

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2026-bulletin.html https://source.android.com/docs/security/bulletin/2026/2026-03-01 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21385