Cyber Posture

CVE-2026-21367

High

Published: 06 April 2026

Published
06 April 2026
Modified
08 April 2026
KEV Added
Patch
CVSS Score 7.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
EPSS Score 0.0003 9.8th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-21367 is a high-severity Buffer Over-read (CWE-126) vulnerability in Qualcomm Ar8035 Firmware. Its CVSS base score is 7.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 9.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Application or System Exploitation (T1499.004). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly mitigates the buffer over-read vulnerability by remediating the flaw in processing nonstandard FILS Discovery Frames as specified in the Qualcomm April 2026 security bulletin.

SI-10 Information Input Validation good match
prevent

Requires validation of frame action sizes during wireless initial scans to prevent buffer over-reads from out-of-range values in FILS Discovery Frames.

SI-16 Memory Protection good match
prevent

Implements memory protections that mitigate the effects of buffer over-reads triggered by malformed FILS Discovery Frames in the wireless stack.

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
attack.mitre.org →
Why these techniques?

Buffer over-read in Wi-Fi FILS frame processing directly enables crafted network frames to crash the target (Endpoint DoS via vulnerability exploitation).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

Transient DOS when processing nonstandard FILS Discovery Frames with out-of-range action sizes during initial scans.

Deeper analysisAI

CVE-2026-21367 is a vulnerability that triggers a transient denial-of-service (DoS) condition when processing nonstandard FILS Discovery Frames containing out-of-range action sizes during initial scans. The issue stems from CWE-126 (Buffer Over-read) and affects Qualcomm products, as documented in their security bulletin.

Exploitation is possible over the network (AV:N) but demands high attack complexity (AC:H), high privileges (PR:H), and user interaction (UI:R). A successful attack changes scope (S:C) and achieves high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), with an overall CVSS 3.1 score of 7.6.

Mitigation details are provided in the Qualcomm April 2026 security bulletin available at https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2026-bulletin.html.

Details

CWE(s)
CWE-126

Affected Products

qualcomm
ar8035 firmware
all versions
qualcomm
cologne firmware
all versions
qualcomm
csr8811 firmware
all versions
qualcomm
fastconnect 6200 firmware
all versions
qualcomm
fastconnect 6700 firmware
all versions
qualcomm
fastconnect 6900 firmware
all versions
qualcomm
fastconnect 7800 firmware
all versions
qualcomm
fwa gen 3 ultra firmware
all versions
qualcomm
g2 gen 1 firmware
all versions
qualcomm
immersive home 214 platform firmware
all versions
+140 more product configuration(s) — see NVD for full list

CVEs Like This One

CVE-2026-21381Same product: Qualcomm Ar8035
CVE-2025-59600Same product: Qualcomm Ar8035
CVE-2026-21378Same product: Qualcomm Cologne
CVE-2026-21374Same product: Qualcomm Cologne
CVE-2026-21376Same product: Qualcomm Cologne
CVE-2026-21373Same product: Qualcomm Cologne
CVE-2026-21371Same product: Qualcomm Cologne
CVE-2026-21375Same product: Qualcomm Cologne
CVE-2024-53027Same product: Qualcomm Ar8035
CVE-2025-47390Same product: Qualcomm Cologne

References