CVE-2026-25276 PUBLISHED

Improper Validation of Array Index in Secure Processor

Assigner: qualcomm
Reserved: 02.02.2026 Published: 01.06.2026 Updated: 02.06.2026

Memory corruption while using Strongbox due to missing bounds check.

Metrics

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSS Score: 8.8

Product Status

Vendor Qualcomm, Inc.
Product Snapdragon
Versions Default: unaffected
  • Version Snapdragon 8 Gen 2 Mobile Platform is affected
  • Version Snapdragon 8+ Gen 2 Mobile Platform is affected
  • Version Snapdragon 8 Gen 3 Mobile Platform is affected
  • Version Snapdragon 8 Elite is affected
  • Version Snapdragon 8 Elite Gen 5 is affected

References

Problem Types

  • CWE-129 Improper Validation of Array Index CWE