CVE-2026-24087
High
Published: 01 June 2026
Published
01 June 2026
Modified
02 June 2026
KEV Added
—
Patch
—
CVSS Score v3.1
7.2
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS Score
0.0002
7.1th percentile
Risk Priority
14
60% EPSS · 20% KEV · 20% CVSS
Summary
CVE-2026-24087 is a high-severity Improper Validation of Syntactic Correctness of Input (CWE-1286) vulnerability in Qualcomm Ar8031 Firmware. Its CVSS base score is 7.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 7.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-33844
Vulnerability details
Memory corruption while processing fastboot OEM commands.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?
Memory corruption in fastboot OEM command processing directly enables local exploitation for privilege escalation on affected devices.
Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1
CVEs Like This One
CVE-2026-24092Same product: Qualcomm Ar8031
CVE-2026-24091Same product: Qualcomm Ar8031
CVE-2026-24089Same product: Qualcomm Ar8031
CVE-2026-24085Same product: Qualcomm Ar8031
CVE-2025-47373Same product: Qualcomm Ar8035
CVE-2025-47377Same product: Qualcomm Ar8035
CVE-2025-59600Same product: Qualcomm Ar8031
CVE-2025-47389Same product: Qualcomm Ar8035
CVE-2026-24082Same product: Qualcomm Ar8031
CVE-2025-47386Same product: Qualcomm Ar8031
Affected Assets
qualcomm
ar8031 firmware
all versions
qualcomm
ar8035 firmware
all versions
qualcomm
cologne firmware
all versions
qualcomm
cq7790 firmware
all versions
qualcomm
cq8725s firmware
all versions
qualcomm
qpa1083bd firmware
all versions
qualcomm
qpa1086bd firmware
all versions
qualcomm
qrb5165n firmware
all versions
qualcomm
qru1032 firmware
all versions
qualcomm
qualcomm dragonwing qru100 platform firmware
all versions
+205 more product configuration(s) — see NVD for full list
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.