Cyber Resilience

CVE-2026-24092

High

Published: 01 June 2026

Published
01 June 2026
Modified
02 June 2026
KEV Added
Patch
CVSS Score v3.1 7.2 CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0002 7.1th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-24092 is a high-severity Improper Validation of Syntactic Correctness of Input (CWE-1286) vulnerability in Qualcomm Ar8031 Firmware. Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 7.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Memory Corruption when processing fastboot commands to set display mode.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Memory corruption in fastboot command handler directly enables local privilege escalation via crafted input leading to code execution in bootloader context.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-24087Same product: Qualcomm Ar8031
CVE-2026-24091Same product: Qualcomm Ar8031
CVE-2026-24089Same product: Qualcomm Ar8031
CVE-2026-24085Same product: Qualcomm Ar8031
CVE-2025-47373Same product: Qualcomm Ar8035
CVE-2025-59600Same product: Qualcomm Ar8031
CVE-2025-47377Same product: Qualcomm Ar8035
CVE-2025-47389Same product: Qualcomm Ar8035
CVE-2026-24082Same product: Qualcomm Ar8031
CVE-2026-21385Same product: Qualcomm Ar8031

Affected Assets

qualcomm
ar8031 firmware
all versions
qualcomm
ar8035 firmware
all versions
qualcomm
cologne firmware
all versions
qualcomm
cq7790 firmware
all versions
qualcomm
cq8725s firmware
all versions
qualcomm
cq8750m firmware
all versions
qualcomm
csra6620 firmware
all versions
qualcomm
csra6640 firmware
all versions
qualcomm
fastconnect 6200 firmware
all versions
qualcomm
fastconnect 6700 firmware
all versions
+208 more product configuration(s) — see NVD for full list

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References