Cyber Resilience

CVE-2026-24089

High

Published: 01 June 2026

Published
01 June 2026
Modified
02 June 2026
KEV Added
Patch
CVSS Score v3.1 7.2 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0002 7.1th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-24089 is a high-severity Improper Validation of Syntactic Correctness of Input (CWE-1286) vulnerability in Qualcomm Ar8031 Firmware. Its CVSS base score is 7.2 (High).

Operationally, ranked at the 7.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Memory corruption while processing fastboot commands with invalid input.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

Insufficient information to map techniques.
Confidence: LOW · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-24092Same product: Qualcomm Ar8031
CVE-2026-24087Same product: Qualcomm Ar8031
CVE-2026-24091Same product: Qualcomm Ar8031
CVE-2026-24090Same product: Qualcomm Ar8031
CVE-2026-24085Same product: Qualcomm Ar8031
CVE-2025-59604Same product: Qualcomm Ar8035
CVE-2025-47373Same product: Qualcomm Ar8035
CVE-2025-59600Same product: Qualcomm Ar8031
CVE-2026-24088Same product: Qualcomm Fastconnect 6200
CVE-2025-47377Same product: Qualcomm Ar8035

Affected Assets

qualcomm
ar8031 firmware
all versions
qualcomm
ar8035 firmware
all versions
qualcomm
cologne firmware
all versions
qualcomm
cq7790 firmware
all versions
qualcomm
cq8725s firmware
all versions
qualcomm
qmp1000 firmware
all versions
qualcomm
qmp2001 firmware
all versions
qualcomm
qpa1083bd firmware
all versions
qualcomm
qpa1086bd firmware
all versions
qualcomm
qrb5165n firmware
all versions
+209 more product configuration(s) — see NVD for full list

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References