CVE-2026-25276: Memory Corruption in Qualcomm Strongbox (Bound Check Missing)
CVE-2026-25276 Published on June 1, 2026
Improper Validation of Array Index in Secure Processor
Memory corruption while using Strongbox due to missing bounds check.
Vulnerability Analysis
CVE-2026-25276 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
What is an out-of-bounds array index Vulnerability?
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
CVE-2026-25276 has been classified to as an out-of-bounds array index vulnerability or weakness.
Products Associated with CVE-2026-25276
stack.watch emails you whenever new vulnerabilities are published in Qualcomm Snapdragon or Google Android. Just hit a watch button to start following.
Affected Versions
Qualcomm, Inc. Snapdragon:- Version Snapdragon 8 Gen 2 Mobile Platform is affected.
- Version Snapdragon 8+ Gen 2 Mobile Platform is affected.
- Version Snapdragon 8 Gen 3 Mobile Platform is affected.
- Version Snapdragon 8 Elite is affected.
- Version Snapdragon 8 Elite Gen 5 is affected.