CISA Warns Qualcomm Chipsets Memory Corruption Vulnerability Is Actively Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) added the critical Qualcomm chipset vulnerability to its Known Exploited Vulnerabilities (KEV) catalog on March 3, 2026, confirming active exploitation in the wild.
The flaw, tracked as CVE-2026-21385, impacts multiple Qualcomm chipsets and introduces a serious memory corruption risk. Attackers can leverage this vulnerability to compromise affected devices.
Vulnerability Overview
The vulnerability stems from an integer overflow condition (CWE-190) occurring during memory allocation alignment operations across several Qualcomm chipsets. When processing specific memory alignment requests, improper validation allows integer values to overflow, corrupting adjacent memory regions. This flaw enables threat actors to execute arbitrary code, escalate privileges, or destabilize targeted systems. Given the widespread deployment of Qualcomm chipsets in mobile, embedded, and IoT environments, this vulnerability significantly broadens the attack surface.
Qualcomm processors power hundreds of millions of Android smartphones, tablets, automotive systems, and connected devices globally, making this a highly attractive target for both state-sponsored actors and cybercriminals.
| Field | Details |
|---|---|
| CVE ID | CVE-2026-21385 |
| Vendor/Product | Qualcomm / Multiple Chipsets |
| Vulnerability Type | Memory Corruption |
| CWE | CWE-190 (Integer Overflow or Wraparound) |
| Date Added to KEV | March 03, 2026 |
| Remediation Due Date | March 24, 2026 |
| Ransomware Usage | Unknown |
| CISA Action | Apply vendor mitigations or discontinue product use |
CISA’s inclusion of this flaw in the KEV catalog confirms that threat actors are actively exploiting CVE-2026-21385 in real-world attacks. While ransomware campaign involvement remains unknown at this stage, memory corruption vulnerabilities of this class are frequently weaponized for privilege escalation, remote code execution chains, and persistent device compromise. The broad deployment of Qualcomm chipsets makes this an attractive target for both state-sponsored actors and cybercriminal groups.
Mitigation and Recommended Actions
CISA has mandated that all Federal Civilian Executive Branch (FCEB) agencies remediate this vulnerability by March 24, 2026, in line with Binding Operational Directive (BOD) 22-01. CISA recommends all organizations take the following steps immediately:
- Apply patches as soon as Qualcomm releases official mitigations or firmware updates
- Follow BOD 22-01 guidance for cloud-based services using affected chipsets
- Discontinue use of affected products if no mitigations are available
- Monitor devices running Qualcomm chipsets for anomalous behavior or unauthorized memory access attempts
- Subscribe to CISA KEV catalog updates to stay informed of newly exploited vulnerabilities
Organizations relying on Qualcomm-powered infrastructure should treat this as a high-priority remediation item given the active exploitation status confirmed by CISA.