Cyber Resilience

CVE-2026-24087

High

Published: 01 June 2026

Published
01 June 2026
Modified
02 June 2026
KEV Added
Patch
CVSS Score v3.1 7.2 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0002 7.1th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-24087 is a high-severity Improper Validation of Syntactic Correctness of Input (CWE-1286) vulnerability in Qualcomm Ar8031 Firmware. Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 7.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Memory corruption while processing fastboot OEM commands.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Memory corruption in fastboot OEM command processing directly enables local exploitation for privilege escalation on affected devices.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-24092Same product: Qualcomm Ar8031
CVE-2026-24091Same product: Qualcomm Ar8031
CVE-2026-24089Same product: Qualcomm Ar8031
CVE-2026-24085Same product: Qualcomm Ar8031
CVE-2025-47373Same product: Qualcomm Ar8035
CVE-2025-47377Same product: Qualcomm Ar8035
CVE-2025-59600Same product: Qualcomm Ar8031
CVE-2025-47389Same product: Qualcomm Ar8035
CVE-2026-24082Same product: Qualcomm Ar8031
CVE-2025-47386Same product: Qualcomm Ar8031

Affected Assets

qualcomm
ar8031 firmware
all versions
qualcomm
ar8035 firmware
all versions
qualcomm
cologne firmware
all versions
qualcomm
cq7790 firmware
all versions
qualcomm
cq8725s firmware
all versions
qualcomm
qpa1083bd firmware
all versions
qualcomm
qpa1086bd firmware
all versions
qualcomm
qrb5165n firmware
all versions
qualcomm
qru1032 firmware
all versions
qualcomm
qualcomm dragonwing qru100 platform firmware
all versions
+205 more product configuration(s) — see NVD for full list

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References