Google Confirms Active Exploitation of High-Severity Vulnerability in Android Devices

📌 Google confirmed on Monday that a high-severity security vulnerability, CVE-2026-21385 (CVSS score: 7.8), in an open-source Qualcomm component used in Android devices has been actively exploited in the wild. The flaw is a buffer over-read issue in the Graphics component, described by Qualcomm as memory corruption occurring when user-supplied data is added without verifying available buffer space. No specific attack vectors, affected device models, or threat actors were disclosed in the report. The vulnerability was publicly acknowledged by Google and Qualcomm, with the latter issuing an advisory detailing the technical cause. The disclosure date aligns with the publication of the notice on March 3, 2026.