Cyber Resilience

CVE-2026-24091

High

Published: 01 June 2026

Published
01 June 2026
Modified
02 June 2026
KEV Added
Patch
CVSS Score v3.1 7.2 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0002 7.1th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-24091 is a high-severity Improper Validation of Syntactic Correctness of Input (CWE-1286) vulnerability in Qualcomm C-V2X 9150 Firmware. Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 7.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Memory corruption while processing fastboot commands with improperly formatted input.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Memory corruption via malformed fastboot input directly enables local privilege escalation through code execution in bootloader context.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-24092Same product: Qualcomm Ar8031
CVE-2026-24087Same product: Qualcomm Ar8031
CVE-2026-24085Same product: Qualcomm 5G Fixed Wireless Access Platform
CVE-2026-24089Same product: Qualcomm Ar8031
CVE-2026-21385Same product: Qualcomm 5G Fixed Wireless Access Platform
CVE-2025-47379Same product: Qualcomm 5G Fixed Wireless Access Platform
CVE-2025-47386Same product: Qualcomm Ar8031
CVE-2025-47376Same product: Qualcomm Ar8031
CVE-2025-47375Same product: Qualcomm Ar8031
CVE-2025-47373Same product: Qualcomm Ar8035

Affected Assets

qualcomm
c-v2x 9150 firmware
all versions
qualcomm
cologne firmware
all versions
qualcomm
cq7790 firmware
all versions
qualcomm
cq8725s firmware
all versions
qualcomm
cq8750m firmware
all versions
qualcomm
csra6620 firmware
all versions
qualcomm
csra6640 firmware
all versions
qualcomm
csrb31024 firmware
all versions
qualcomm
fastconnect 6200 firmware
all versions
qualcomm
fastconnect 6700 firmware
all versions
+263 more product configuration(s) — see NVD for full list

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References