CVE-2026-21372

moderate-risk

Published 2026-04-06

Memory Corruption when sending IOCTL requests with invalid buffer sizes during memcpy operations.

Do I need to act?

0.01% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / LOW complexity

Cologne Firmware

Fastconnect 6700 Firmware

Fastconnect 6900 Firmware

Fastconnect 7800 Firmware

Qcm5430 Firmware

Qcm6490 Firmware

Video Collaboration Vc3 Platform Firmware

Snapdragon 460 Mobile Platform Firmware

Snapdragon 662 Mobile Platform Firmware

Snapdragon 7C\+ Gen 3 Compute Firmware

Wcd9370 Firmware

Wcd9375 Firmware

Wcd9378C Firmware

Wcd9380 Firmware

Wcd9385 Firmware

Wcn3950 Firmware

Wcn3988 Firmware

Wsa8840 Firmware

Wsa8845 Firmware

Wsa8845H Firmware

Qualcomm

Vendor Advisory https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2026-bu...

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 0/34 · Minimal

Exposure 22/34 · High