CVSS Score v3.1
7.2
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS Score
0.0002
7.1th percentile
Risk Priority
14
60% EPSS · 20% KEV · 20% CVSS
Summary
CVE-2026-24091 is a high-severity Improper Validation of Syntactic Correctness of Input (CWE-1286) vulnerability in Qualcomm C-V2X 9150 Firmware . Its CVSS base score is 7.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 7.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
Vulnerability
Related Threats
Affected Assets
Mitigating Controls
Vulnerability details
Memory corruption while processing fastboot commands with improperly formatted input.
CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques? Memory corruption via malformed fastboot input directly enables local privilege escalation through code execution in bootloader context.
Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1
CVEs Like This One
CVE-2026-24085 Same product: Qualcomm 5G Fixed Wireless Access Platform CVE-2026-21385 Same product: Qualcomm 5G Fixed Wireless Access Platform CVE-2025-47379 Same product: Qualcomm 5G Fixed Wireless Access Platform
Affected Assets
qualcomm
c-v2x 9150 firmware
all versions
qualcomm
cologne firmware
all versions
qualcomm
cq7790 firmware
all versions
qualcomm
cq8725s firmware
all versions
qualcomm
cq8750m firmware
all versions
qualcomm
csra6620 firmware
all versions
qualcomm
csra6640 firmware
all versions
qualcomm
csrb31024 firmware
all versions
qualcomm
fastconnect 6200 firmware
all versions
qualcomm
fastconnect 6700 firmware
all versions
+263 more product configuration(s) — see NVD for full list
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.