CVE Field Guide
About Us
CVE-2026-25266
PUBLISHED
Exposed dangerous function in windows host
Assigner:
qualcomm
Reserved:
02.02.2026
Published:
04.05.2026
Updated:
04.05.2026
Memory corruption while processing IOCTL command when device is in power-save state.
Metrics
CVSS 3.1
CVSS Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS Score:
5.5
CVSS score
5.5
Attack Vector
Local
Scope
Unchanged
Attack Complexity
Low
Confidentiality Impact
None
Privileges Required
Low
Integrity Impact
None
User Interaction
None
Availability Impact
High
CVSS 3.1
Product Status
Vendor
Qualcomm, Inc.
Product
Snapdragon
Versions
Default:
unaffected
Version Cologne is affected
Version FastConnect 6900 is affected
Version FastConnect 7800 is affected
Version SC8380XP is affected
Version Snapdragon AR1 Gen 1 Platform is affected
Version WCD9378C is affected
Version WCD9380 is affected
Version WCD9385 is affected
Version WCN7861 is affected
Version WCN7880 is affected
Version WSA8830 is affected
Version WSA8832 is affected
Version WSA8835 is affected
Version WSA8840 is affected
Version WSA8845 is affected
Version WSA8845H is affected
Version X2000077 is affected
Version X2000086 is affected
Version X2000090 is affected
Version X2000092 is affected
Version X2000094 is affected
Version XG101002 is affected
Version XG101032 is affected
Version XG101039 is affected
References
https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2026-bulletin.html
Problem Types
CWE-749: Exposed Dangerous Method or Function
CWE