Google on Monday disclosed that a high-severity security flaw impacting an open-source Qualcomm component used in Android devices has been exploited in the wild.
The vulnerability in question is CVE-2026-21385 (CVSS score: 7.8), a buffer over-read in the Graphics component.
« Memory corruption when adding user-supplied data without checking available buffer space, » Qualcomm said in an advisory,
