Google has confirmed that a high-severity Android vulnerability linked to a Qualcomm component has been exploited in real-world attacks. The issue is tracked as CVE 2026 21385 and was fixed as part of the March 2026 Android security update.
The flaw affects a graphics component built on Qualcomm code that is used in many Android devices. It carries a CVSS score of 7.8, which places it in the high severity category. The vulnerability is described as a buffer overflow caused by improper handling of user-supplied data. Qualcomm has referred to it as an integer overflow issue that can lead to memory corruption.
According to the disclosure timeline, Google’s Android Security team reported the flaw to Qualcomm on December 18, 2025. Qualcomm then informed its customers about the issue on February 2, 2026. While technical details about the attacks have not been shared, Google has stated that there are indications the flaw may be under limited and targeted exploitation.
The March 2026 Android Security Bulletin includes fixes for a total of 129 vulnerabilities. This marks a significant jump compared to the previous two months, when only one issue was addressed in January and none were fixed in February.
Among the most serious issues patched this month is a critical vulnerability in the Android System component, tracked as CVE 2026 0006. This flaw could allow remote code execution without requiring user interaction or additional privileges. Such vulnerabilities are considered especially dangerous because attackers may exploit them silently.
Google also fixed a privilege escalation issue in the Framework component, a denial of service vulnerability in the System component, and multiple privilege escalation flaws in Kernel components. These bugs could potentially allow attackers to gain higher access levels or disrupt device operations.
The March update is divided into two patch levels, dated 2026 03 01 and 2026 03 05. This structure allows device manufacturers to roll out fixes more efficiently across different hardware platforms. The second patch level includes additional fixes for Kernel components and third-party vendors such as Qualcomm, MediaTek, Arm, Imagination Technologies, and Unisoc.
Android users are advised to check for software updates and install the latest security patch as soon as it becomes available. Timely updates remain one of the most effective ways to protect devices against known vulnerabilities, especially when active exploitation has already been reported.
