Common Weakness Enumeration
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Back to CWE stats page
CWE-126
Buffer Over-read
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
CVE-2025-66038 (GCVE-0-2025-66038)
Vulnerability from cvelistv5 – Published: 2026-03-30 17:03 – Updated: 2026-04-01 18:15
VLAI
Title
OpenSC: `sc_compacttlv_find_tag` can return out-of-bounds pointers
Summary
OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, sc_compacttlv_find_tag searches a compact-TLV buffer for a given tag. In compact-TLV, a single byte encodes the tag (high nibble) and value length (low nibble). With a 1-byte buffer {0x0A}, the encoded element claims tag=0 and length=10 but no value bytes follow. Calling sc_compacttlv_find_tag with search tag 0x00 returns a pointer equal to buf+1 and outlen=10 without verifying that the claimed value length fits within the remaining buffer. In cases where the sc_compacttlv_find_tag is provided untrusted data (such as being read from cards/files), attackers may be able to influence it to return out-of-bounds pointers leading to downstream memory corruption when subsequent code tries to dereference the pointer. This issue has been patched in version 0.27.0.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-126 - Buffer Over-read
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/OpenSC/OpenSC/security/advisor… | x_refsource_CONFIRM |
| https://github.com/OpenSC/OpenSC/commit/6db171bcb… | x_refsource_MISC |
| https://github.com/OpenSC/OpenSC/wiki/CVE-2025-66038 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66038",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T18:15:18.318069Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T18:15:33.347Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OpenSC",
"vendor": "OpenSC",
"versions": [
{
"status": "affected",
"version": "\u003c 0.27.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, sc_compacttlv_find_tag searches a compact-TLV buffer for a given tag. In compact-TLV, a single byte encodes the tag (high nibble) and value length (low nibble). With a 1-byte buffer {0x0A}, the encoded element claims tag=0 and length=10 but no value bytes follow. Calling sc_compacttlv_find_tag with search tag 0x00 returns a pointer equal to buf+1 and outlen=10 without verifying that the claimed value length fits within the remaining buffer. In cases where the sc_compacttlv_find_tag is provided untrusted data (such as being read from cards/files), attackers may be able to influence it to return out-of-bounds pointers leading to downstream memory corruption when subsequent code tries to dereference the pointer. This issue has been patched in version 0.27.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126: Buffer Over-read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T17:03:55.914Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OpenSC/OpenSC/security/advisories/GHSA-72x5-fwjx-2459",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OpenSC/OpenSC/security/advisories/GHSA-72x5-fwjx-2459"
},
{
"name": "https://github.com/OpenSC/OpenSC/commit/6db171bcb6fd7cb3b51098fefbb3b28e44f0a79c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenSC/OpenSC/commit/6db171bcb6fd7cb3b51098fefbb3b28e44f0a79c"
},
{
"name": "https://github.com/OpenSC/OpenSC/wiki/CVE-2025-66038",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenSC/OpenSC/wiki/CVE-2025-66038"
}
],
"source": {
"advisory": "GHSA-72x5-fwjx-2459",
"discovery": "UNKNOWN"
},
"title": "OpenSC: `sc_compacttlv_find_tag` can return out-of-bounds pointers"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66038",
"datePublished": "2026-03-30T17:03:55.914Z",
"dateReserved": "2025-11-21T01:08:02.615Z",
"dateUpdated": "2026-04-01T18:15:33.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-7745 (GCVE-0-2025-7745)
Vulnerability from cvelistv5 – Published: 2025-07-24 07:09 – Updated: 2025-07-24 13:17
VLAI
Title
Modbus TCP buffer overread
Summary
Buffer Over-read vulnerability in ABB AC500 V2.This issue affects AC500 V2: through 2.5.2.
Severity
5.8 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-126 - Buffer Over-read
Assigner
References
1 reference
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7745",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-24T13:17:42.636529Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-24T13:17:47.983Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AC500 V2",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "2.5.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ABB acknowledges and extends gratitude to Reid Wightman of Dragos Inc for responsibly disclosing the vulnerability and providing valuable input on product improvements"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Buffer Over-read vulnerability in ABB AC500 V2.\u003cp\u003eThis issue affects AC500 V2: through 2.5.2.\u003c/p\u003e"
}
],
"value": "Buffer Over-read vulnerability in ABB AC500 V2.This issue affects AC500 V2: through 2.5.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126: Buffer Over-read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-24T11:57:52.418Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR011432\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Modbus TCP buffer overread",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2025-7745",
"datePublished": "2025-07-24T07:09:11.906Z",
"dateReserved": "2025-07-17T08:40:39.666Z",
"dateUpdated": "2025-07-24T13:17:47.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-0930 (GCVE-0-2026-0930)
Vulnerability from cvelistv5 – Published: 2026-04-20 21:28 – Updated: 2026-04-21 13:37
VLAI
Title
Potential wolfSSHd Buffer out-of-bounds Read on Windows Handling Terminal Resize
Summary
Potential read out of bounds case with wolfSSHd on Windows while handling a terminal resize request. An authenticated user could trigger the out of bounds read after establishing a connection which would leak the adjacent stack memory to the pseudo-console output.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-126 - Buffer over-read
Assigner
References
1 reference
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0930",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-21T13:37:07.965883Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-21T13:37:15.647Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "wolfSSH",
"vendor": "wolfSSL",
"versions": [
{
"lessThan": "1.5.0",
"status": "affected",
"version": "1.4.15",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Luigino Camastra"
},
{
"lang": "en",
"type": "finder",
"value": "Pavel Kohout"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePotential read out of bounds case with wolfSSHd on\u0026nbsp;\u003cspan\u003eWindows while handling a terminal resize request. An authenticated user could\u003c/span\u003e\u003cspan\u003e\u0026nbsp;\u003c/span\u003e\u003cspan\u003etrigger the out of bounds read after establishing a connection which would\u003c/span\u003e\u003cspan\u003e\u0026nbsp;\u003c/span\u003e\u003cspan\u003eleak the adjacent stack memory to the pseudo-console output.\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "Potential read out of bounds case with wolfSSHd on\u00a0Windows while handling a terminal resize request. An authenticated user could\u00a0trigger the out of bounds read after establishing a connection which would\u00a0leak the adjacent stack memory to the pseudo-console output."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2.3,
"baseSeverity": "LOW",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126 Buffer over-read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T21:28:33.227Z",
"orgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27",
"shortName": "wolfSSL"
},
"references": [
{
"url": "https://github.com/wolfssl/wolfssh/pull/846"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential wolfSSHd Buffer out-of-bounds Read on Windows Handling Terminal Resize",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d2cd11-d01a-48ed-9441-5bfce9d63b27",
"assignerShortName": "wolfSSL",
"cveId": "CVE-2026-0930",
"datePublished": "2026-04-20T21:28:33.227Z",
"dateReserved": "2026-01-13T23:45:50.452Z",
"dateUpdated": "2026-04-21T13:37:15.647Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11787 (GCVE-0-2026-11787)
Vulnerability from cvelistv5 – Published: 2026-06-09 13:02 – Updated: 2026-06-18 14:51
VLAI
Title
389-ds-base: 389-ds-base: heap buffer over-read in ldap_utf8prev() via str2simple filter parsing
Summary
A flaw was found in 389 Directory Server. The ldap_utf8prev() function reads bytes before the start of a buffer without bounds checking, causing a heap buffer over-read in string filter parsing that may influence internal filter processing behavior.
Severity
5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-126 - Buffer Over-read
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2026-11787 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2485425 | issue-trackingx_refsource_REDHAT |
| https://redhat.atlassian.net/browse/PSIRTSUPT-7600 |
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Directory Server 11 |
cpe:/a:redhat:directory_server:11 |
|
| Red Hat | Red Hat Directory Server 12 |
cpe:/a:redhat:directory_server:12 |
|
| Red Hat | Red Hat Directory Server 13 |
cpe:/a:redhat:directory_server:13 |
|
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
Date Public
2026-04-16 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11787",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T13:30:15.301451Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T13:30:35.749Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:directory_server:11"
],
"defaultStatus": "affected",
"packageName": "redhat-ds:11/389-ds-base",
"product": "Red Hat Directory Server 11",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:directory_server:12"
],
"defaultStatus": "affected",
"packageName": "redhat-ds:12/389-ds-base",
"product": "Red Hat Directory Server 12",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:directory_server:13"
],
"defaultStatus": "affected",
"packageName": "389-ds-base",
"product": "Red Hat Directory Server 13",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"packageName": "389-ds-base",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "389-ds-base",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "389-ds-base",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "389-ds-base",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "389-ds-base",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"datePublic": "2026-04-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in 389 Directory Server. The ldap_utf8prev() function reads bytes before the start of a buffer without bounds checking, causing a heap buffer over-read in string filter parsing that may influence internal filter processing behavior."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "Buffer Over-read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-18T14:51:33.920Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-11787"
},
{
"name": "RHBZ#2485425",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2485425"
},
{
"url": "https://redhat.atlassian.net/browse/PSIRTSUPT-7600"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-16T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-04-16T00:00:00.000Z",
"value": "Made public."
}
],
"title": "389-ds-base: 389-ds-base: heap buffer over-read in ldap_utf8prev() via str2simple filter parsing",
"workarounds": [
{
"lang": "en",
"value": "No direct workaround addresses the code-level bug; network-level mitigations (proxies, WAFs, filter validation) do not apply. Mitigation measures to reduce exposure: restrict plugin configuration access (MEP originFilter, UID uniqueness nsUniqueAttribute, strict ACIs on cn=config); restrict Directory Manager access for ACI, MEP, or uniqueness plugin configuration; harden replication topology to restrict replication peers; monitor for anomalous search result sets that may indicate exploitation."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-126: Buffer Over-read"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2026-11787",
"datePublished": "2026-06-09T13:02:53.711Z",
"dateReserved": "2026-06-09T12:55:55.703Z",
"dateUpdated": "2026-06-18T14:51:33.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20846 (GCVE-0-2026-20846)
Vulnerability from cvelistv5 – Published: 2026-02-10 17:51 – Updated: 2026-05-11 21:25
VLAI
Title
GDI+ Denial of Service Vulnerability
Summary
Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-126 - Buffer Over-read
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
Impacted products
23 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Office for Android |
Affected:
16.0.1 , < 16.0.19822.20000
(custom)
|
|
| Microsoft | Windows 10 Version 1607 |
Affected:
10.0.14393.0 , < 10.0.14393.8868
(custom)
|
|
| Microsoft | Windows 10 Version 1809 |
Affected:
10.0.17763.0 , < 10.0.17763.8389
(custom)
|
|
| Microsoft | Windows 10 Version 21H2 |
Affected:
10.0.19044.0 , < 10.0.19044.6937
(custom)
|
|
| Microsoft | Windows 10 Version 22H2 |
Affected:
10.0.19045.0 , < 10.0.19045.6937
(custom)
|
|
| Microsoft | Windows 11 version 22H3 |
Affected:
10.0.22631.0 , < 10.0.22631.6649
(custom)
|
|
| Microsoft | Windows 11 Version 23H2 |
Affected:
10.0.22631.0 , < 10.0.22631.6649
(custom)
|
|
| Microsoft | Windows 11 Version 24H2 |
Affected:
10.0.26100.0 , < 10.0.26100.7840
(custom)
|
|
| Microsoft | Windows 11 Version 25H2 |
Affected:
10.0.26200.0 , < 10.0.26200.7840
(custom)
|
|
| Microsoft | Windows 11 version 26H1 |
Affected:
10.0.28000.0 , < 10.0.28000.1575
(custom)
|
|
| Microsoft | Windows 11 Version 26H1 |
Affected:
10.0.28000.0 , < 10.0.28000.1575
(custom)
|
|
| Microsoft | Windows Server 2012 |
Affected:
6.2.9200.0 , < 6.2.9200.25923
(custom)
|
|
| Microsoft | Windows Server 2012 (Server Core installation) |
Affected:
6.2.9200.0 , < 6.2.9200.25923
(custom)
|
|
| Microsoft | Windows Server 2012 R2 |
Affected:
6.3.9600.0 , < 6.3.9600.23022
(custom)
|
|
| Microsoft | Windows Server 2012 R2 (Server Core installation) |
Affected:
6.3.9600.0 , < 6.3.9600.23022
(custom)
|
|
| Microsoft | Windows Server 2016 |
Affected:
10.0.14393.0 , < 10.0.14393.8868
(custom)
|
|
| Microsoft | Windows Server 2016 (Server Core installation) |
Affected:
10.0.14393.0 , < 10.0.14393.8868
(custom)
|
|
| Microsoft | Windows Server 2019 |
Affected:
10.0.17763.0 , < 10.0.17763.8389
(custom)
|
|
| Microsoft | Windows Server 2019 (Server Core installation) |
Affected:
10.0.17763.0 , < 10.0.17763.8389
(custom)
|
|
| Microsoft | Windows Server 2022 |
Affected:
10.0.20348.0 , < 10.0.20348.4773
(custom)
|
|
| Microsoft | Windows Server 2022, 23H2 Edition (Server Core installation) |
Affected:
10.0.25398.0 , < 10.0.25398.2149
(custom)
|
|
| Microsoft | Windows Server 2025 |
Affected:
10.0.26100.0 , < 10.0.26100.32370
(custom)
|
|
| Microsoft | Windows Server 2025 (Server Core installation) |
Affected:
10.0.26100.0 , < 10.0.26100.32370
(custom)
|
Date Public
2026-02-10 16:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20846",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-11T15:22:10.599432Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T15:22:20.321Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Office for Android",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.19822.20000",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1607",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8868",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 1809",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8389",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 21H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19044.6937",
"status": "affected",
"version": "10.0.19044.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 10 Version 22H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19045.6937",
"status": "affected",
"version": "10.0.19045.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems"
],
"product": "Windows 11 version 22H3",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6649",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows 11 Version 23H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.22631.6649",
"status": "affected",
"version": "10.0.22631.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"product": "Windows 11 Version 24H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.7840",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"product": "Windows 11 Version 25H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26200.7840",
"status": "affected",
"version": "10.0.26200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"ARM64-based Systems"
],
"product": "Windows 11 version 26H1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.28000.1575",
"status": "affected",
"version": "10.0.28000.0",
"versionType": "custom"
}
]
},
{
"product": "Windows 11 Version 26H1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.28000.1575",
"status": "affected",
"version": "10.0.28000.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25923",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.25923",
"status": "affected",
"version": "6.2.9200.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23022",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.23022",
"status": "affected",
"version": "6.3.9600.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8868",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.8868",
"status": "affected",
"version": "10.0.14393.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8389",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.8389",
"status": "affected",
"version": "10.0.17763.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.20348.4773",
"status": "affected",
"version": "10.0.20348.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.25398.2149",
"status": "affected",
"version": "10.0.25398.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32370",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2025 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.26100.32370",
"status": "affected",
"version": "10.0.26100.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.28000.1575",
"versionStartIncluding": "10.0.28000.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.28000.1575",
"versionStartIncluding": "10.0.28000.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.8389",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8389",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.8389",
"versionStartIncluding": "10.0.17763.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.4773",
"versionStartIncluding": "10.0.20348.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21H2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.6937",
"versionStartIncluding": "10.0.19044.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.6937",
"versionStartIncluding": "10.0.19045.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32370",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26200.7840",
"versionStartIncluding": "10.0.26200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.6649",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23H2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.6649",
"versionStartIncluding": "10.0.22631.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.2149",
"versionStartIncluding": "10.0.25398.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.26100.7840",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.32370",
"versionStartIncluding": "10.0.26100.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.8868",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8868",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.8868",
"versionStartIncluding": "10.0.14393.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25923",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.2.9200.25923",
"versionStartIncluding": "6.2.9200.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23022",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "6.3.9600.23022",
"versionStartIncluding": "6.3.9600.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office:*:*:android:*:*:*:*:*",
"versionEndExcluding": "16.0.19822.20000",
"versionStartIncluding": "16.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-02-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126: Buffer Over-read",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:25:50.455Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "GDI+ Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20846"
}
],
"title": "GDI+ Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-20846",
"datePublished": "2026-02-10T17:51:49.875Z",
"dateReserved": "2025-12-03T05:54:20.377Z",
"dateUpdated": "2026-05-11T21:25:50.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21367 (GCVE-0-2026-21367)
Vulnerability from cvelistv5 – Published: 2026-04-06 15:33 – Updated: 2026-04-06 16:22
VLAI
Title
Buffer Over-read in WLAN Firmware
Summary
Transient DOS when processing nonstandard FILS Discovery Frames with out-of-range action sizes during initial scans.
Severity
7.6 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-126 - Buffer Over-read
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon |
Affected:
AR8035
Affected: Cologne Affected: CSR8811 Affected: FastConnect 6200 Affected: FastConnect 6700 Affected: FastConnect 6900 Affected: FastConnect 7800 Affected: FWA Gen 3 Ultra Platform Affected: G2 Gen 1 Affected: Immersive Home 214 Platform Affected: Immersive Home 216 Platform Affected: Immersive Home 316 Platform Affected: Immersive Home 318 Platform Affected: IPQ5010 Affected: IPQ5028 Affected: IPQ6000 Affected: IPQ6010 Affected: IPQ6018 Affected: IPQ8076 Affected: IPQ8078 Affected: IPQ9574 Affected: Milos Affected: Netrani Affected: Networking Pro 1200 Platform Affected: Networking Pro 1210 Platform Affected: Networking Pro 1610 Platform Affected: Networking Pro 400 Platform Affected: Networking Pro 600 Platform Affected: Networking Pro 610 Platform Affected: Networking Pro 800 Platform Affected: Networking Pro 810 Platform Affected: Orne Affected: Palawan25 Affected: Pandeiro Affected: QCA4024 Affected: QCA6391 Affected: QCA6698AU Affected: QCA6777AQ Affected: QCA6787AQ Affected: QCA6797AQ Affected: QCA8075 Affected: QCA8081 Affected: QCA8082 Affected: QCA8084 Affected: QCA8085 Affected: QCA8337 Affected: QCA8386 Affected: QCA9888 Affected: QCA9889 Affected: QCC2073 Affected: QCC2076 Affected: QCC710 Affected: QCM4490 Affected: QCN5022 Affected: QCN5024 Affected: QCN5052 Affected: QCN5122 Affected: QCN5124 Affected: QCN5152 Affected: QCN5154 Affected: QCN5164 Affected: QCN6023 Affected: QCN6024 Affected: QCN6122 Affected: QCN6132 Affected: QCN6224 Affected: QCN6274 Affected: QCN9000 Affected: QCN9011 Affected: QCN9012 Affected: QCN9022 Affected: QCN9024 Affected: QCN9070 Affected: QCN9100 Affected: QCN9274 Affected: QCS4490 Affected: QCS8550 Affected: QFW7114 Affected: QFW7124 Affected: QLN1083BD Affected: QLN1086BD Affected: QMP1000 Affected: QPA1083BD Affected: QPA1086BD Affected: QXM1093 Affected: QXM1094 Affected: QXM1095 Affected: QXM1096 Affected: SAR2130P Affected: SC8380XP Affected: SD 8 Gen1 5G Affected: SM6650P Affected: SM7435 Affected: SM7635P Affected: SM7675 Affected: SM7675P Affected: SM8475P Affected: SM8635 Affected: SM8635P Affected: SM8650Q Affected: SM8750P Affected: Snapdragon 6 Gen 1 Mobile Platform Affected: Snapdragon 6 Gen 3 Mobile Platform Affected: Snapdragon 6 Gen 4 Mobile Platform Affected: Snapdragon 7 Gen 1 Mobile Platform Affected: Snapdragon 7+ Gen 2 Mobile Platform Affected: Snapdragon 7s Gen 3 Mobile Platform Affected: Snapdragon 8 Elite Affected: Snapdragon 8 Elite Gen 5 Affected: Snapdragon 8 Gen 1 Mobile Platform Affected: Snapdragon 8 Gen 3 Mobile Platform Affected: Snapdragon 8+ Gen 1 Mobile Platform Affected: Snapdragon X72 5G Modem-RF System Affected: Snapdragon X75 5G Modem-RF System Affected: WCD9340 Affected: WCD9370 Affected: WCD9375 Affected: WCD9378 Affected: WCD9378C Affected: WCD9380 Affected: WCD9385 Affected: WCD9390 Affected: WCD9395 Affected: WCN3950 Affected: WCN3988 Affected: WCN6450 Affected: WCN6650 Affected: WCN6755 Affected: WCN7860 Affected: WCN7861 Affected: WCN7880 Affected: WCN7881 Affected: WSA8810 Affected: WSA8815 Affected: WSA8830 Affected: WSA8832 Affected: WSA8835 Affected: WSA8840 Affected: WSA8845 Affected: WSA8845H Affected: X2000077 Affected: X2000086 Affected: X2000090 Affected: X2000092 Affected: X2000094 Affected: XG101002 Affected: XG101032 Affected: XG101039 Affected: XRV7209 Affected: XRV9209 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21367",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T16:11:56.406673Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T16:22:15.658Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon Auto",
"Snapdragon CCW",
"Snapdragon Compute",
"Snapdragon Consumer Electronics Connectivity",
"Snapdragon Consumer IOT",
"Snapdragon Industrial IOT",
"Snapdragon MC",
"Snapdragon Mobile",
"Snapdragon WBC",
"Snapdragon Wired Infrastructure and Networking"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "AR8035"
},
{
"status": "affected",
"version": "Cologne"
},
{
"status": "affected",
"version": "CSR8811"
},
{
"status": "affected",
"version": "FastConnect 6200"
},
{
"status": "affected",
"version": "FastConnect 6700"
},
{
"status": "affected",
"version": "FastConnect 6900"
},
{
"status": "affected",
"version": "FastConnect 7800"
},
{
"status": "affected",
"version": "FWA Gen 3 Ultra Platform"
},
{
"status": "affected",
"version": "G2 Gen 1"
},
{
"status": "affected",
"version": "Immersive Home 214 Platform"
},
{
"status": "affected",
"version": "Immersive Home 216 Platform"
},
{
"status": "affected",
"version": "Immersive Home 316 Platform"
},
{
"status": "affected",
"version": "Immersive Home 318 Platform"
},
{
"status": "affected",
"version": "IPQ5010"
},
{
"status": "affected",
"version": "IPQ5028"
},
{
"status": "affected",
"version": "IPQ6000"
},
{
"status": "affected",
"version": "IPQ6010"
},
{
"status": "affected",
"version": "IPQ6018"
},
{
"status": "affected",
"version": "IPQ8076"
},
{
"status": "affected",
"version": "IPQ8078"
},
{
"status": "affected",
"version": "IPQ9574"
},
{
"status": "affected",
"version": "Milos"
},
{
"status": "affected",
"version": "Netrani"
},
{
"status": "affected",
"version": "Networking Pro 1200 Platform"
},
{
"status": "affected",
"version": "Networking Pro 1210 Platform"
},
{
"status": "affected",
"version": "Networking Pro 1610 Platform"
},
{
"status": "affected",
"version": "Networking Pro 400 Platform"
},
{
"status": "affected",
"version": "Networking Pro 600 Platform"
},
{
"status": "affected",
"version": "Networking Pro 610 Platform"
},
{
"status": "affected",
"version": "Networking Pro 800 Platform"
},
{
"status": "affected",
"version": "Networking Pro 810 Platform"
},
{
"status": "affected",
"version": "Orne"
},
{
"status": "affected",
"version": "Palawan25"
},
{
"status": "affected",
"version": "Pandeiro"
},
{
"status": "affected",
"version": "QCA4024"
},
{
"status": "affected",
"version": "QCA6391"
},
{
"status": "affected",
"version": "QCA6698AU"
},
{
"status": "affected",
"version": "QCA6777AQ"
},
{
"status": "affected",
"version": "QCA6787AQ"
},
{
"status": "affected",
"version": "QCA6797AQ"
},
{
"status": "affected",
"version": "QCA8075"
},
{
"status": "affected",
"version": "QCA8081"
},
{
"status": "affected",
"version": "QCA8082"
},
{
"status": "affected",
"version": "QCA8084"
},
{
"status": "affected",
"version": "QCA8085"
},
{
"status": "affected",
"version": "QCA8337"
},
{
"status": "affected",
"version": "QCA8386"
},
{
"status": "affected",
"version": "QCA9888"
},
{
"status": "affected",
"version": "QCA9889"
},
{
"status": "affected",
"version": "QCC2073"
},
{
"status": "affected",
"version": "QCC2076"
},
{
"status": "affected",
"version": "QCC710"
},
{
"status": "affected",
"version": "QCM4490"
},
{
"status": "affected",
"version": "QCN5022"
},
{
"status": "affected",
"version": "QCN5024"
},
{
"status": "affected",
"version": "QCN5052"
},
{
"status": "affected",
"version": "QCN5122"
},
{
"status": "affected",
"version": "QCN5124"
},
{
"status": "affected",
"version": "QCN5152"
},
{
"status": "affected",
"version": "QCN5154"
},
{
"status": "affected",
"version": "QCN5164"
},
{
"status": "affected",
"version": "QCN6023"
},
{
"status": "affected",
"version": "QCN6024"
},
{
"status": "affected",
"version": "QCN6122"
},
{
"status": "affected",
"version": "QCN6132"
},
{
"status": "affected",
"version": "QCN6224"
},
{
"status": "affected",
"version": "QCN6274"
},
{
"status": "affected",
"version": "QCN9000"
},
{
"status": "affected",
"version": "QCN9011"
},
{
"status": "affected",
"version": "QCN9012"
},
{
"status": "affected",
"version": "QCN9022"
},
{
"status": "affected",
"version": "QCN9024"
},
{
"status": "affected",
"version": "QCN9070"
},
{
"status": "affected",
"version": "QCN9100"
},
{
"status": "affected",
"version": "QCN9274"
},
{
"status": "affected",
"version": "QCS4490"
},
{
"status": "affected",
"version": "QCS8550"
},
{
"status": "affected",
"version": "QFW7114"
},
{
"status": "affected",
"version": "QFW7124"
},
{
"status": "affected",
"version": "QLN1083BD"
},
{
"status": "affected",
"version": "QLN1086BD"
},
{
"status": "affected",
"version": "QMP1000"
},
{
"status": "affected",
"version": "QPA1083BD"
},
{
"status": "affected",
"version": "QPA1086BD"
},
{
"status": "affected",
"version": "QXM1093"
},
{
"status": "affected",
"version": "QXM1094"
},
{
"status": "affected",
"version": "QXM1095"
},
{
"status": "affected",
"version": "QXM1096"
},
{
"status": "affected",
"version": "SAR2130P"
},
{
"status": "affected",
"version": "SC8380XP"
},
{
"status": "affected",
"version": "SD 8 Gen1 5G"
},
{
"status": "affected",
"version": "SM6650P"
},
{
"status": "affected",
"version": "SM7435"
},
{
"status": "affected",
"version": "SM7635P"
},
{
"status": "affected",
"version": "SM7675"
},
{
"status": "affected",
"version": "SM7675P"
},
{
"status": "affected",
"version": "SM8475P"
},
{
"status": "affected",
"version": "SM8635"
},
{
"status": "affected",
"version": "SM8635P"
},
{
"status": "affected",
"version": "SM8650Q"
},
{
"status": "affected",
"version": "SM8750P"
},
{
"status": "affected",
"version": "Snapdragon 6 Gen 1 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 6 Gen 3 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 6 Gen 4 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 7 Gen 1 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 7+ Gen 2 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 7s Gen 3 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 8 Elite"
},
{
"status": "affected",
"version": "Snapdragon 8 Elite Gen 5"
},
{
"status": "affected",
"version": "Snapdragon 8 Gen 1 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 8 Gen 3 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 8+ Gen 1 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon X72 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X75 5G Modem-RF System"
},
{
"status": "affected",
"version": "WCD9340"
},
{
"status": "affected",
"version": "WCD9370"
},
{
"status": "affected",
"version": "WCD9375"
},
{
"status": "affected",
"version": "WCD9378"
},
{
"status": "affected",
"version": "WCD9378C"
},
{
"status": "affected",
"version": "WCD9380"
},
{
"status": "affected",
"version": "WCD9385"
},
{
"status": "affected",
"version": "WCD9390"
},
{
"status": "affected",
"version": "WCD9395"
},
{
"status": "affected",
"version": "WCN3950"
},
{
"status": "affected",
"version": "WCN3988"
},
{
"status": "affected",
"version": "WCN6450"
},
{
"status": "affected",
"version": "WCN6650"
},
{
"status": "affected",
"version": "WCN6755"
},
{
"status": "affected",
"version": "WCN7860"
},
{
"status": "affected",
"version": "WCN7861"
},
{
"status": "affected",
"version": "WCN7880"
},
{
"status": "affected",
"version": "WCN7881"
},
{
"status": "affected",
"version": "WSA8810"
},
{
"status": "affected",
"version": "WSA8815"
},
{
"status": "affected",
"version": "WSA8830"
},
{
"status": "affected",
"version": "WSA8832"
},
{
"status": "affected",
"version": "WSA8835"
},
{
"status": "affected",
"version": "WSA8840"
},
{
"status": "affected",
"version": "WSA8845"
},
{
"status": "affected",
"version": "WSA8845H"
},
{
"status": "affected",
"version": "X2000077"
},
{
"status": "affected",
"version": "X2000086"
},
{
"status": "affected",
"version": "X2000090"
},
{
"status": "affected",
"version": "X2000092"
},
{
"status": "affected",
"version": "X2000094"
},
{
"status": "affected",
"version": "XG101002"
},
{
"status": "affected",
"version": "XG101032"
},
{
"status": "affected",
"version": "XG101039"
},
{
"status": "affected",
"version": "XRV7209"
},
{
"status": "affected",
"version": "XRV9209"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Transient DOS when processing nonstandard FILS Discovery Frames with out-of-range action sizes during initial scans."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126 Buffer Over-read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T15:33:46.114Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2026-bulletin.html"
}
],
"title": "Buffer Over-read in WLAN Firmware"
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2026-21367",
"datePublished": "2026-04-06T15:33:46.114Z",
"dateReserved": "2025-12-17T04:35:45.741Z",
"dateUpdated": "2026-04-06T16:22:15.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21371 (GCVE-0-2026-21371)
Vulnerability from cvelistv5 – Published: 2026-04-06 15:33 – Updated: 2026-04-07 03:55
VLAI
Title
Buffer Over-read in WinBlast Driver
Summary
Memory Corruption when retrieving output buffer with insufficient size validation.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-126 - Buffer Over-read
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon |
Affected:
AQT1000
Affected: Cologne Affected: FastConnect 6200 Affected: FastConnect 6700 Affected: FastConnect 6800 Affected: FastConnect 6900 Affected: FastConnect 7800 Affected: QCA0000 Affected: QCA6391 Affected: QCA6420 Affected: QCA6430 Affected: QCM5430 Affected: QCM6490 Affected: Qualcomm Video Collaboration VC3 Platform Affected: SC8380XP Affected: SM6250 Affected: Snapdragon 460 Mobile Platform Affected: Snapdragon 662 Mobile Platform Affected: Snapdragon 7c Compute Platform Affected: Snapdragon 7c Gen 2 Compute Platform "Rennell Pro" Affected: Snapdragon 7c+ Gen 3 Compute Affected: Snapdragon 8c Compute Platform "Poipu Lite" Affected: Snapdragon 8c Compute Platform (SC8180XP-AD) "Poipu Lite" Affected: Snapdragon 8cx Compute Platform Affected: Snapdragon 8cx Compute Platform "Poipu Pro" Affected: Snapdragon 8cx Gen 2 5G Compute Platform Affected: Snapdragon 8cx Gen 2 5G Compute Platform "Poipu Pro" Affected: Snapdragon 8cx Gen 3 Compute Platform Affected: WCD9340 Affected: WCD9341 Affected: WCD9370 Affected: WCD9375 Affected: WCD9378C Affected: WCD9380 Affected: WCD9385 Affected: WCN3950 Affected: WCN3988 Affected: WSA8810 Affected: WSA8815 Affected: WSA8830 Affected: WSA8835 Affected: WSA8840 Affected: WSA8845 Affected: WSA8845H Affected: X2000077 Affected: X2000086 Affected: X2000090 Affected: X2000092 Affected: X2000094 Affected: XG101002 Affected: XG101032 Affected: XG101039 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21371",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T03:55:48.143Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon Compute",
"Snapdragon Industrial IOT",
"Snapdragon Mobile"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "AQT1000"
},
{
"status": "affected",
"version": "Cologne"
},
{
"status": "affected",
"version": "FastConnect 6200"
},
{
"status": "affected",
"version": "FastConnect 6700"
},
{
"status": "affected",
"version": "FastConnect 6800"
},
{
"status": "affected",
"version": "FastConnect 6900"
},
{
"status": "affected",
"version": "FastConnect 7800"
},
{
"status": "affected",
"version": "QCA0000"
},
{
"status": "affected",
"version": "QCA6391"
},
{
"status": "affected",
"version": "QCA6420"
},
{
"status": "affected",
"version": "QCA6430"
},
{
"status": "affected",
"version": "QCM5430"
},
{
"status": "affected",
"version": "QCM6490"
},
{
"status": "affected",
"version": "Qualcomm Video Collaboration VC3 Platform"
},
{
"status": "affected",
"version": "SC8380XP"
},
{
"status": "affected",
"version": "SM6250"
},
{
"status": "affected",
"version": "Snapdragon 460 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 662 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 7c Compute Platform"
},
{
"status": "affected",
"version": "Snapdragon 7c Gen 2 Compute Platform \"Rennell Pro\""
},
{
"status": "affected",
"version": "Snapdragon 7c+ Gen 3 Compute"
},
{
"status": "affected",
"version": "Snapdragon 8c Compute Platform \"Poipu Lite\""
},
{
"status": "affected",
"version": "Snapdragon 8c Compute Platform (SC8180XP-AD) \"Poipu Lite\""
},
{
"status": "affected",
"version": "Snapdragon 8cx Compute Platform"
},
{
"status": "affected",
"version": "Snapdragon 8cx Compute Platform \"Poipu Pro\""
},
{
"status": "affected",
"version": "Snapdragon 8cx Gen 2 5G Compute Platform"
},
{
"status": "affected",
"version": "Snapdragon 8cx Gen 2 5G Compute Platform \"Poipu Pro\""
},
{
"status": "affected",
"version": "Snapdragon 8cx Gen 3 Compute Platform"
},
{
"status": "affected",
"version": "WCD9340"
},
{
"status": "affected",
"version": "WCD9341"
},
{
"status": "affected",
"version": "WCD9370"
},
{
"status": "affected",
"version": "WCD9375"
},
{
"status": "affected",
"version": "WCD9378C"
},
{
"status": "affected",
"version": "WCD9380"
},
{
"status": "affected",
"version": "WCD9385"
},
{
"status": "affected",
"version": "WCN3950"
},
{
"status": "affected",
"version": "WCN3988"
},
{
"status": "affected",
"version": "WSA8810"
},
{
"status": "affected",
"version": "WSA8815"
},
{
"status": "affected",
"version": "WSA8830"
},
{
"status": "affected",
"version": "WSA8835"
},
{
"status": "affected",
"version": "WSA8840"
},
{
"status": "affected",
"version": "WSA8845"
},
{
"status": "affected",
"version": "WSA8845H"
},
{
"status": "affected",
"version": "X2000077"
},
{
"status": "affected",
"version": "X2000086"
},
{
"status": "affected",
"version": "X2000090"
},
{
"status": "affected",
"version": "X2000092"
},
{
"status": "affected",
"version": "X2000094"
},
{
"status": "affected",
"version": "XG101002"
},
{
"status": "affected",
"version": "XG101032"
},
{
"status": "affected",
"version": "XG101039"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Memory Corruption when retrieving output buffer with insufficient size validation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126 Buffer Over-read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T15:33:47.240Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2026-bulletin.html"
}
],
"title": "Buffer Over-read in WinBlast Driver"
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2026-21371",
"datePublished": "2026-04-06T15:33:47.240Z",
"dateReserved": "2025-12-17T04:35:45.742Z",
"dateUpdated": "2026-04-07T03:55:48.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21373 (GCVE-0-2026-21373)
Vulnerability from cvelistv5 – Published: 2026-04-06 15:33 – Updated: 2026-04-07 03:55
VLAI
Title
Buffer Over-read in Camera
Summary
Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-126 - Buffer Over-read
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon |
Affected:
AQT1000
Affected: Cologne Affected: FastConnect 6200 Affected: FastConnect 6700 Affected: FastConnect 6800 Affected: FastConnect 6900 Affected: FastConnect 7800 Affected: QCA0000 Affected: QCA6391 Affected: QCA6420 Affected: QCA6430 Affected: QCM5430 Affected: QCM6490 Affected: Qualcomm Video Collaboration VC3 Platform Affected: SC8380XP Affected: SM6250 Affected: Snapdragon 460 Mobile Platform Affected: Snapdragon 662 Mobile Platform Affected: Snapdragon 7c Compute Platform Affected: Snapdragon 7c Gen 2 Compute Platform "Rennell Pro" Affected: Snapdragon 7c+ Gen 3 Compute Affected: Snapdragon 8c Compute Platform "Poipu Lite" Affected: Snapdragon 8c Compute Platform (SC8180XP-AD) "Poipu Lite" Affected: Snapdragon 8cx Compute Platform Affected: Snapdragon 8cx Compute Platform "Poipu Pro" Affected: Snapdragon 8cx Gen 2 5G Compute Platform Affected: Snapdragon 8cx Gen 2 5G Compute Platform "Poipu Pro" Affected: Snapdragon 8cx Gen 3 Compute Platform Affected: Snapdragon AR1 Gen 1 Platform Affected: WCD9340 Affected: WCD9341 Affected: WCD9370 Affected: WCD9375 Affected: WCD9378C Affected: WCD9380 Affected: WCD9385 Affected: WCN3950 Affected: WCN3988 Affected: WSA8810 Affected: WSA8815 Affected: WSA8830 Affected: WSA8832 Affected: WSA8835 Affected: WSA8840 Affected: WSA8845 Affected: WSA8845H Affected: X2000077 Affected: X2000086 Affected: X2000090 Affected: X2000092 Affected: X2000094 Affected: XG101002 Affected: XG101032 Affected: XG101039 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21373",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T03:55:50.599Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon Compute",
"Snapdragon Industrial IOT",
"Snapdragon Mobile"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "AQT1000"
},
{
"status": "affected",
"version": "Cologne"
},
{
"status": "affected",
"version": "FastConnect 6200"
},
{
"status": "affected",
"version": "FastConnect 6700"
},
{
"status": "affected",
"version": "FastConnect 6800"
},
{
"status": "affected",
"version": "FastConnect 6900"
},
{
"status": "affected",
"version": "FastConnect 7800"
},
{
"status": "affected",
"version": "QCA0000"
},
{
"status": "affected",
"version": "QCA6391"
},
{
"status": "affected",
"version": "QCA6420"
},
{
"status": "affected",
"version": "QCA6430"
},
{
"status": "affected",
"version": "QCM5430"
},
{
"status": "affected",
"version": "QCM6490"
},
{
"status": "affected",
"version": "Qualcomm Video Collaboration VC3 Platform"
},
{
"status": "affected",
"version": "SC8380XP"
},
{
"status": "affected",
"version": "SM6250"
},
{
"status": "affected",
"version": "Snapdragon 460 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 662 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 7c Compute Platform"
},
{
"status": "affected",
"version": "Snapdragon 7c Gen 2 Compute Platform \"Rennell Pro\""
},
{
"status": "affected",
"version": "Snapdragon 7c+ Gen 3 Compute"
},
{
"status": "affected",
"version": "Snapdragon 8c Compute Platform \"Poipu Lite\""
},
{
"status": "affected",
"version": "Snapdragon 8c Compute Platform (SC8180XP-AD) \"Poipu Lite\""
},
{
"status": "affected",
"version": "Snapdragon 8cx Compute Platform"
},
{
"status": "affected",
"version": "Snapdragon 8cx Compute Platform \"Poipu Pro\""
},
{
"status": "affected",
"version": "Snapdragon 8cx Gen 2 5G Compute Platform"
},
{
"status": "affected",
"version": "Snapdragon 8cx Gen 2 5G Compute Platform \"Poipu Pro\""
},
{
"status": "affected",
"version": "Snapdragon 8cx Gen 3 Compute Platform"
},
{
"status": "affected",
"version": "Snapdragon AR1 Gen 1 Platform"
},
{
"status": "affected",
"version": "WCD9340"
},
{
"status": "affected",
"version": "WCD9341"
},
{
"status": "affected",
"version": "WCD9370"
},
{
"status": "affected",
"version": "WCD9375"
},
{
"status": "affected",
"version": "WCD9378C"
},
{
"status": "affected",
"version": "WCD9380"
},
{
"status": "affected",
"version": "WCD9385"
},
{
"status": "affected",
"version": "WCN3950"
},
{
"status": "affected",
"version": "WCN3988"
},
{
"status": "affected",
"version": "WSA8810"
},
{
"status": "affected",
"version": "WSA8815"
},
{
"status": "affected",
"version": "WSA8830"
},
{
"status": "affected",
"version": "WSA8832"
},
{
"status": "affected",
"version": "WSA8835"
},
{
"status": "affected",
"version": "WSA8840"
},
{
"status": "affected",
"version": "WSA8845"
},
{
"status": "affected",
"version": "WSA8845H"
},
{
"status": "affected",
"version": "X2000077"
},
{
"status": "affected",
"version": "X2000086"
},
{
"status": "affected",
"version": "X2000090"
},
{
"status": "affected",
"version": "X2000092"
},
{
"status": "affected",
"version": "X2000094"
},
{
"status": "affected",
"version": "XG101002"
},
{
"status": "affected",
"version": "XG101032"
},
{
"status": "affected",
"version": "XG101039"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Memory Corruption when accessing an output buffer without validating its size during IOCTL processing."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126 Buffer Over-read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T15:33:49.475Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2026-bulletin.html"
}
],
"title": "Buffer Over-read in Camera"
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2026-21373",
"datePublished": "2026-04-06T15:33:49.475Z",
"dateReserved": "2025-12-17T04:35:45.742Z",
"dateUpdated": "2026-04-07T03:55:50.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21374 (GCVE-0-2026-21374)
Vulnerability from cvelistv5 – Published: 2026-04-06 15:33 – Updated: 2026-04-07 03:55
VLAI
Title
Buffer Over-read in Camera
Summary
Memory Corruption when processing auxiliary sensor input/output control commands with insufficient buffer size validation.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-126 - Buffer Over-read
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon |
Affected:
AQT1000
Affected: Cologne Affected: FastConnect 6200 Affected: FastConnect 6700 Affected: FastConnect 6800 Affected: FastConnect 6900 Affected: FastConnect 7800 Affected: QCA0000 Affected: QCA6391 Affected: QCA6420 Affected: QCA6430 Affected: QCM5430 Affected: QCM6490 Affected: Qualcomm Video Collaboration VC3 Platform Affected: SC8380XP Affected: SM6250 Affected: Snapdragon 460 Mobile Platform Affected: Snapdragon 662 Mobile Platform Affected: Snapdragon 7c Compute Platform Affected: Snapdragon 7c Gen 2 Compute Platform "Rennell Pro" Affected: Snapdragon 7c+ Gen 3 Compute Affected: Snapdragon 8c Compute Platform "Poipu Lite" Affected: Snapdragon 8c Compute Platform (SC8180XP-AD) "Poipu Lite" Affected: Snapdragon 8cx Compute Platform Affected: Snapdragon 8cx Compute Platform "Poipu Pro" Affected: Snapdragon 8cx Gen 2 5G Compute Platform Affected: Snapdragon 8cx Gen 2 5G Compute Platform "Poipu Pro" Affected: Snapdragon 8cx Gen 3 Compute Platform Affected: Snapdragon AR1 Gen 1 Platform Affected: WCD9340 Affected: WCD9341 Affected: WCD9370 Affected: WCD9375 Affected: WCD9378C Affected: WCD9380 Affected: WCD9385 Affected: WCN3950 Affected: WCN3988 Affected: WSA8810 Affected: WSA8815 Affected: WSA8830 Affected: WSA8832 Affected: WSA8835 Affected: WSA8840 Affected: WSA8845 Affected: WSA8845H Affected: X2000077 Affected: X2000086 Affected: X2000090 Affected: X2000092 Affected: X2000094 Affected: XG101002 Affected: XG101032 Affected: XG101039 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21374",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T03:55:51.831Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon Compute",
"Snapdragon Industrial IOT",
"Snapdragon Mobile"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "AQT1000"
},
{
"status": "affected",
"version": "Cologne"
},
{
"status": "affected",
"version": "FastConnect 6200"
},
{
"status": "affected",
"version": "FastConnect 6700"
},
{
"status": "affected",
"version": "FastConnect 6800"
},
{
"status": "affected",
"version": "FastConnect 6900"
},
{
"status": "affected",
"version": "FastConnect 7800"
},
{
"status": "affected",
"version": "QCA0000"
},
{
"status": "affected",
"version": "QCA6391"
},
{
"status": "affected",
"version": "QCA6420"
},
{
"status": "affected",
"version": "QCA6430"
},
{
"status": "affected",
"version": "QCM5430"
},
{
"status": "affected",
"version": "QCM6490"
},
{
"status": "affected",
"version": "Qualcomm Video Collaboration VC3 Platform"
},
{
"status": "affected",
"version": "SC8380XP"
},
{
"status": "affected",
"version": "SM6250"
},
{
"status": "affected",
"version": "Snapdragon 460 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 662 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 7c Compute Platform"
},
{
"status": "affected",
"version": "Snapdragon 7c Gen 2 Compute Platform \"Rennell Pro\""
},
{
"status": "affected",
"version": "Snapdragon 7c+ Gen 3 Compute"
},
{
"status": "affected",
"version": "Snapdragon 8c Compute Platform \"Poipu Lite\""
},
{
"status": "affected",
"version": "Snapdragon 8c Compute Platform (SC8180XP-AD) \"Poipu Lite\""
},
{
"status": "affected",
"version": "Snapdragon 8cx Compute Platform"
},
{
"status": "affected",
"version": "Snapdragon 8cx Compute Platform \"Poipu Pro\""
},
{
"status": "affected",
"version": "Snapdragon 8cx Gen 2 5G Compute Platform"
},
{
"status": "affected",
"version": "Snapdragon 8cx Gen 2 5G Compute Platform \"Poipu Pro\""
},
{
"status": "affected",
"version": "Snapdragon 8cx Gen 3 Compute Platform"
},
{
"status": "affected",
"version": "Snapdragon AR1 Gen 1 Platform"
},
{
"status": "affected",
"version": "WCD9340"
},
{
"status": "affected",
"version": "WCD9341"
},
{
"status": "affected",
"version": "WCD9370"
},
{
"status": "affected",
"version": "WCD9375"
},
{
"status": "affected",
"version": "WCD9378C"
},
{
"status": "affected",
"version": "WCD9380"
},
{
"status": "affected",
"version": "WCD9385"
},
{
"status": "affected",
"version": "WCN3950"
},
{
"status": "affected",
"version": "WCN3988"
},
{
"status": "affected",
"version": "WSA8810"
},
{
"status": "affected",
"version": "WSA8815"
},
{
"status": "affected",
"version": "WSA8830"
},
{
"status": "affected",
"version": "WSA8832"
},
{
"status": "affected",
"version": "WSA8835"
},
{
"status": "affected",
"version": "WSA8840"
},
{
"status": "affected",
"version": "WSA8845"
},
{
"status": "affected",
"version": "WSA8845H"
},
{
"status": "affected",
"version": "X2000077"
},
{
"status": "affected",
"version": "X2000086"
},
{
"status": "affected",
"version": "X2000090"
},
{
"status": "affected",
"version": "X2000092"
},
{
"status": "affected",
"version": "X2000094"
},
{
"status": "affected",
"version": "XG101002"
},
{
"status": "affected",
"version": "XG101032"
},
{
"status": "affected",
"version": "XG101039"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Memory Corruption when processing auxiliary sensor input/output control commands with insufficient buffer size validation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126 Buffer Over-read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T15:33:50.515Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2026-bulletin.html"
}
],
"title": "Buffer Over-read in Camera"
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2026-21374",
"datePublished": "2026-04-06T15:33:50.515Z",
"dateReserved": "2025-12-17T04:35:45.742Z",
"dateUpdated": "2026-04-07T03:55:51.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21375 (GCVE-0-2026-21375)
Vulnerability from cvelistv5 – Published: 2026-04-06 15:33 – Updated: 2026-04-07 03:55
VLAI
Title
Buffer Over-read in Camera
Summary
Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-126 - Buffer Over-read
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon |
Affected:
Cologne
Affected: FastConnect 6700 Affected: FastConnect 6900 Affected: FastConnect 7800 Affected: QCA0000 Affected: QCM5430 Affected: QCM6490 Affected: Qualcomm Video Collaboration VC3 Platform Affected: SC8380XP Affected: Snapdragon 460 Mobile Platform Affected: Snapdragon 662 Mobile Platform Affected: Snapdragon 7c+ Gen 3 Compute Affected: Snapdragon 8cx Gen 3 Compute Platform Affected: Snapdragon AR1 Gen 1 Platform Affected: WCD9370 Affected: WCD9375 Affected: WCD9378C Affected: WCD9380 Affected: WCD9385 Affected: WCN3950 Affected: WCN3988 Affected: WSA8830 Affected: WSA8832 Affected: WSA8835 Affected: WSA8840 Affected: WSA8845 Affected: WSA8845H Affected: X2000077 Affected: X2000086 Affected: X2000090 Affected: X2000092 Affected: X2000094 Affected: XG101002 Affected: XG101032 Affected: XG101039 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21375",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T03:55:52.971Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon Compute",
"Snapdragon Industrial IOT",
"Snapdragon Mobile"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "Cologne"
},
{
"status": "affected",
"version": "FastConnect 6700"
},
{
"status": "affected",
"version": "FastConnect 6900"
},
{
"status": "affected",
"version": "FastConnect 7800"
},
{
"status": "affected",
"version": "QCA0000"
},
{
"status": "affected",
"version": "QCM5430"
},
{
"status": "affected",
"version": "QCM6490"
},
{
"status": "affected",
"version": "Qualcomm Video Collaboration VC3 Platform"
},
{
"status": "affected",
"version": "SC8380XP"
},
{
"status": "affected",
"version": "Snapdragon 460 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 662 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 7c+ Gen 3 Compute"
},
{
"status": "affected",
"version": "Snapdragon 8cx Gen 3 Compute Platform"
},
{
"status": "affected",
"version": "Snapdragon AR1 Gen 1 Platform"
},
{
"status": "affected",
"version": "WCD9370"
},
{
"status": "affected",
"version": "WCD9375"
},
{
"status": "affected",
"version": "WCD9378C"
},
{
"status": "affected",
"version": "WCD9380"
},
{
"status": "affected",
"version": "WCD9385"
},
{
"status": "affected",
"version": "WCN3950"
},
{
"status": "affected",
"version": "WCN3988"
},
{
"status": "affected",
"version": "WSA8830"
},
{
"status": "affected",
"version": "WSA8832"
},
{
"status": "affected",
"version": "WSA8835"
},
{
"status": "affected",
"version": "WSA8840"
},
{
"status": "affected",
"version": "WSA8845"
},
{
"status": "affected",
"version": "WSA8845H"
},
{
"status": "affected",
"version": "X2000077"
},
{
"status": "affected",
"version": "X2000086"
},
{
"status": "affected",
"version": "X2000090"
},
{
"status": "affected",
"version": "X2000092"
},
{
"status": "affected",
"version": "X2000094"
},
{
"status": "affected",
"version": "XG101002"
},
{
"status": "affected",
"version": "XG101032"
},
{
"status": "affected",
"version": "XG101039"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Memory Corruption when accessing an output buffer without validating its size during IOCTL processing."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126 Buffer Over-read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T15:33:51.531Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2026-bulletin.html"
}
],
"title": "Buffer Over-read in Camera"
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2026-21375",
"datePublished": "2026-04-06T15:33:51.531Z",
"dateReserved": "2025-12-17T04:35:45.742Z",
"dateUpdated": "2026-04-07T03:55:52.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.