Critical Zero-Day Exploits Hit Android, Cisco

The Qualcomm vulnerability, identified as CVE-2026-21385, is a memory corruption flaw stemming from an integer overflow in the graphics component. This high-severity bug affects over 235 unique Qualcomm chipsets, potentially exposing hundreds of millions of Android devices globally to targeted attacks. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added it to its Known Exploited Vulnerabilities catalog, mandating a patch for federal agencies by March 24, 2026. The Cisco exploit targets a critical vulnerability, CVE-2026-20127, with a perfect 10.0 CVSS severity score. This flaw in Catalyst SD-WAN gear allows a remote, unauthenticated attacker to completely bypass authentication and gain administrative privileges. A sophisticated threat actor, tracked as UAT-8616, has been actively exploiting this zero-day since at least 2023. Attackers targeting the Cisco vulnerability have been observed chaining it with a separate, older flaw (CVE-2022-20775) to achieve persistent root access. This multi-step attack involves downgrading the software to exploit the older bug for privilege escalation, and then reverting the system to its original version to cover their tracks. The AVideo-Encoder flaw is a critical zero-click vulnerability in the open-source AVideo platform, which allows for unauthenticated remote command execution. The vulnerability, present in version 6.0, exists in how the software processes image requests, allowing attackers to inject malicious commands and potentially hijack streams or compromise the server. Patches have been made available in subsequent versions of the software.