CVE-2026-24089
High
Published: 01 June 2026
Published
01 June 2026
Modified
02 June 2026
KEV Added
—
Patch
—
CVSS Score v3.1
7.2
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS Score
0.0002
7.1th percentile
Risk Priority
14
60% EPSS · 20% KEV · 20% CVSS
Summary
CVE-2026-24089 is a high-severity Improper Validation of Syntactic Correctness of Input (CWE-1286) vulnerability in Qualcomm Ar8031 Firmware. Its CVSS base score is 7.2 (High).
Operationally, ranked at the 7.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-33846
Vulnerability details
Memory corruption while processing fastboot commands with invalid input.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Insufficient information to map techniques.Confidence: LOW · MITRE ATT&CK Enterprise v18.1
CVEs Like This One
CVE-2026-24092Same product: Qualcomm Ar8031
CVE-2026-24087Same product: Qualcomm Ar8031
CVE-2026-24091Same product: Qualcomm Ar8031
CVE-2026-24090Same product: Qualcomm Ar8031
CVE-2026-24085Same product: Qualcomm Ar8031
CVE-2025-59604Same product: Qualcomm Ar8035
CVE-2025-47373Same product: Qualcomm Ar8035
CVE-2025-59600Same product: Qualcomm Ar8031
CVE-2026-24088Same product: Qualcomm Fastconnect 6200
CVE-2025-47377Same product: Qualcomm Ar8035
Affected Assets
qualcomm
ar8031 firmware
all versions
qualcomm
ar8035 firmware
all versions
qualcomm
cologne firmware
all versions
qualcomm
cq7790 firmware
all versions
qualcomm
cq8725s firmware
all versions
qualcomm
qmp1000 firmware
all versions
qualcomm
qmp2001 firmware
all versions
qualcomm
qpa1083bd firmware
all versions
qualcomm
qpa1086bd firmware
all versions
qualcomm
qrb5165n firmware
all versions
+209 more product configuration(s) — see NVD for full list
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.