CVE-2026-25276
Analyzed Analyzed - Analysis Complete
Memory Corruption in Strongbox Due to Missing Bounds Check

Publication date: 2026-06-01

Last updated on: 2026-06-02

Assigner: Qualcomm, Inc.

Description
Memory corruption while using Strongbox due to missing bounds check.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-01
Last Modified
2026-06-02
Generated
2026-06-22
AI Q&A
2026-06-02
EPSS Evaluated
2026-06-21
NVD
CVE-2026-25276
EUVD
EUVD-2026-33826
Affected Vendors & Products
Showing 57 associated CPEs
Vendor Product Version / Range
qualcomm cq8750m_firmware *
qualcomm fastconnect_6700_firmware *
qualcomm fastconnect_6800_firmware *
qualcomm fastconnect_6900_firmware *
qualcomm fastconnect_7800_firmware *
qualcomm g3x_gen_2_firmware *
qualcomm pandeiro_firmware *
qualcomm qca6391_firmware *
qualcomm qca6698au_firmware *
qualcomm qca6797aq_firmware *
qualcomm qcm5430_firmware *
qualcomm qcm6490_firmware *
qualcomm qcm8838_firmware *
qualcomm qcn9011_firmware *
qualcomm qcn9012_firmware *
qualcomm qcs8550_firmware *
qualcomm video_collaboration_vc3_platform_firmware *
qualcomm sd865_5g_firmware *
qualcomm sdr753_firmware *
qualcomm sm8550p_firmware *
qualcomm sm8650q_firmware *
qualcomm sm8750p_firmware *
qualcomm snapdragon_460_mobile_platform_firmware *
qualcomm snapdragon_662_mobile_platform_firmware *
qualcomm snapdragon_8_elite_firmware *
qualcomm snapdragon_8_elite_gen_5_firmware *
qualcomm snapdragon_8_gen_2_mobile_platform_firmware *
qualcomm snapdragon_8_gen_3_mobile_platform_firmware *
qualcomm snapdragon_8+_gen_2_mobile_platform_firmware *
qualcomm snapdragon_865_5g_mobile_platform_firmware *
qualcomm snapdragon_865+_5g_mobile_platform_firmware *
qualcomm snapdragon_870_5g_mobile_platform_firmware *
qualcomm snapdragon_ar1_gen_1_platform_firmware *
qualcomm snapdragon_x55_5g_modem-rf_system_firmware *
qualcomm snapdragon_xr2_5g_platform_firmware *
qualcomm snapdragon_xr2+_gen_1_platform_firmware *
qualcomm wcd9370_firmware *
qualcomm wcd9375_firmware *
qualcomm wcd9380_firmware *
qualcomm wcd9385_firmware *
qualcomm wcd9390_firmware *
qualcomm wcd9395_firmware *
qualcomm wcn3950_firmware *
qualcomm wcn3988_firmware *
qualcomm wcn7760_firmware *
qualcomm wcn7860_firmware *
qualcomm wcn7861_firmware *
qualcomm wcn7880_firmware *
qualcomm wcn7881_firmware *
qualcomm wsa8810_firmware *
qualcomm wsa8815_firmware *
qualcomm wsa8830_firmware *
qualcomm wsa8832_firmware *
qualcomm wsa8835_firmware *
qualcomm wsa8840_firmware *
qualcomm wsa8845_firmware *
qualcomm wsa8845h_firmware *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-129 The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a memory corruption issue that occurs when using Strongbox due to a missing bounds check.

Impact Analysis

The vulnerability has a high severity with a CVSS base score of 8.8, indicating it can lead to significant impacts including high confidentiality, integrity, and availability losses.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-25276. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart