CVE Field Guide
About Us
CVE-2026-21371
PUBLISHED
Buffer Over-read in WinBlast Driver
Assigner:
qualcomm
Reserved:
17.12.2025
Published:
06.04.2026
Updated:
06.04.2026
Memory Corruption when retrieving output buffer with insufficient size validation.
Metrics
CVSS 3.1
CVSS Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS Score:
7.8
CVSS score
7.8
Attack Vector
Local
Scope
Unchanged
Attack Complexity
Low
Confidentiality Impact
High
Privileges Required
Low
Integrity Impact
High
User Interaction
None
Availability Impact
High
CVSS 3.1
Product Status
Vendor
Qualcomm, Inc.
Product
Snapdragon
Versions
Default:
unaffected
Version AQT1000 is affected
Version Cologne is affected
Version FastConnect 6200 is affected
Version FastConnect 6700 is affected
Version FastConnect 6800 is affected
Version FastConnect 6900 is affected
Version FastConnect 7800 is affected
Version QCA0000 is affected
Version QCA6391 is affected
Version QCA6420 is affected
Version QCA6430 is affected
Version QCM5430 is affected
Version QCM6490 is affected
Version Qualcomm Video Collaboration VC3 Platform is affected
Version SC8380XP is affected
Version SM6250 is affected
Version Snapdragon 460 Mobile Platform is affected
Version Snapdragon 662 Mobile Platform is affected
Version Snapdragon 7c Compute Platform is affected
Version Snapdragon 7c Gen 2 Compute Platform "Rennell Pro" is affected
Version Snapdragon 7c+ Gen 3 Compute is affected
Version Snapdragon 8c Compute Platform "Poipu Lite" is affected
Version Snapdragon 8c Compute Platform (SC8180XP-AD) "Poipu Lite" is affected
Version Snapdragon 8cx Compute Platform is affected
Version Snapdragon 8cx Compute Platform "Poipu Pro" is affected
Version Snapdragon 8cx Gen 2 5G Compute Platform is affected
Version Snapdragon 8cx Gen 2 5G Compute Platform "Poipu Pro" is affected
Version Snapdragon 8cx Gen 3 Compute Platform is affected
Version WCD9340 is affected
Version WCD9341 is affected
Version WCD9370 is affected
Version WCD9375 is affected
Version WCD9378C is affected
Version WCD9380 is affected
Version WCD9385 is affected
Version WCN3950 is affected
Version WCN3988 is affected
Version WSA8810 is affected
Version WSA8815 is affected
Version WSA8830 is affected
Version WSA8835 is affected
Version WSA8840 is affected
Version WSA8845 is affected
Version WSA8845H is affected
Version X2000077 is affected
Version X2000086 is affected
Version X2000090 is affected
Version X2000092 is affected
Version X2000094 is affected
Version XG101002 is affected
Version XG101032 is affected
Version XG101039 is affected
References
https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2026-bulletin.html
Problem Types
CWE-126 Buffer Over-read
CWE