ACCORDING to Known Exploited Vulnerabilities Catalog, Qualcomm has a memory corruption vulnerability across multiple chipsets, listed as CVE-2026-21385. The entry notes that multiple Qualcomm chipsets are affected when using alignments for memory allocation. It is marked as Known To Be Used in Ransomware Campaigns? Unknown, with action advised to apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
The record shows the date added as 3 March 2026 and the due date as 24 March 2026. Related references include links to the Android security bulletin for 1 March 2026 and the NVD page for CVE-2026-21385. This KEV entry emphasises using the catalog as an input to vulnerability management prioritisation within organisations.