Cyber Resilience

CVE-2026-24085

High

Published: 01 June 2026

Published
01 June 2026
Modified
02 June 2026
KEV Added
Patch
CVSS Score v3.1 7.2 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0002 4.2th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-24085 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Qualcomm Qca6391 Firmware. Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 4.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Memory Corruption when processing display command line information due to improper initialization of a variable.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Stack buffer overflow (CWE-121) directly enables local exploitation for privilege escalation via memory corruption during command-line processing.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-24091Same product: Qualcomm 5G Fixed Wireless Access Platform
CVE-2025-47391Same product: Qualcomm Fastconnect 6200
CVE-2026-24092Same product: Qualcomm Ar8031
CVE-2026-24087Same product: Qualcomm Ar8031
CVE-2026-21385Same product: Qualcomm 5G Fixed Wireless Access Platform
CVE-2025-47379Same product: Qualcomm 5G Fixed Wireless Access Platform
CVE-2025-47386Same product: Qualcomm Ar8031
CVE-2025-47376Same product: Qualcomm Ar8031
CVE-2025-47375Same product: Qualcomm Ar8031
CVE-2025-47373Same product: Qualcomm Ar8035

Affected Assets

qualcomm
qca6391 firmware
all versions
qualcomm
qca6564au firmware
all versions
qualcomm
qca6574 firmware
all versions
qualcomm
qca6574a firmware
all versions
qualcomm
qca6574au firmware
all versions
qualcomm
qca6584au firmware
all versions
qualcomm
qca6595 firmware
all versions
qualcomm
qca6595au firmware
all versions
qualcomm
qca6678aq firmware
all versions
qualcomm
qca6688aq firmware
all versions
+263 more product configuration(s) — see NVD for full list

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References