
CVE-2026-21381: Qualcomm AR8035 Firmware DOS Vulnerability

CVE-2026-21381 is a denial of service vulnerability in Qualcomm AR8035 Firmware caused by excessive frame length in network protocol connections. This post covers technical details, affected versions, impact, and mitigation.

Published: April 10, 2026

CVE-2026-21381 Overview

CVE-2026-21381 is a Denial of Service vulnerability affecting Qualcomm chipset firmware that occurs when processing service data frames over Neighborhood Awareness Network (NAN) protocol connections. The vulnerability is triggered when a device receives a service data frame with excessive length during the device matching phase, resulting in a transient denial of service condition.

This vulnerability impacts a wide range of Qualcomm products including Snapdragon mobile platforms, FastConnect wireless modules, and various firmware components used in smartphones, IoT devices, and networking equipment. The flaw is classified under CWE-126 (Buffer Over-read), indicating the firmware fails to properly validate the length of incoming NAN service data frames before processing.

Critical Impact

Attackers can remotely trigger denial of service conditions on affected Qualcomm-based devices by sending specially crafted NAN protocol frames, potentially disrupting device connectivity and availability without requiring authentication.

Affected Products

  • Qualcomm Snapdragon 8 Elite, Snapdragon 8 Gen 3, Snapdragon 6/7 Series Mobile Platforms
  • Qualcomm FastConnect 6200, 6700, 6900, 7800 Wi-Fi/Bluetooth Modules
  • Qualcomm WCN Series (WCN3988, WCN6450, WCN6650, WCN6755, WCN7860/7861/7880/7881)
  • Qualcomm Snapdragon X72/X75 5G Modem-RF Systems
  • Qualcomm AR8035, QCA6391, QCA6698AU, and numerous QCA/QCN networking chipsets

Discovery Timeline

  • April 6, 2026 - CVE-2026-21381 published to NVD
  • April 8, 2026 - Last updated in NVD database

Technical Details for CVE-2026-21381

Vulnerability Analysis

The vulnerability exists in the NAN (Neighborhood Awareness Network) protocol implementation within Qualcomm chipset firmware. NAN is a Wi-Fi Alliance specification that enables devices to discover nearby services and devices in a power-efficient manner without requiring an access point or cellular connection.

The flaw manifests during the device matching phase of NAN connections, where the firmware processes service data frames exchanged between devices. When a malformed frame with an excessive length value is received, the firmware attempts to read beyond allocated buffer boundaries, triggering a buffer over-read condition (CWE-126).

This vulnerability can be exploited remotely over the network without authentication. An attacker within wireless range can craft malicious NAN service data frames that cause affected devices to enter a transient denial of service state, disrupting wireless connectivity.

Root Cause

The root cause is insufficient input validation in the NAN protocol handler when processing the length field of incoming service data frames. The firmware does not adequately verify that the declared frame length matches the actual received data or falls within expected bounds. This missing boundary check allows an attacker to trigger a buffer over-read by specifying an excessive length value in the frame header, causing the firmware to access memory beyond the allocated buffer.

Attack Vector

The attack can be executed remotely over the network by any device within wireless range of the target. The attacker does not require any privileges or authentication on the target device. The attack flow involves:

  1. The attacker enables NAN discovery mode on their device or uses a custom wireless tool
  2. The attacker crafts a malicious NAN service data frame with an excessive length value in the header
  3. The malformed frame is transmitted over the air to nearby devices with NAN enabled
  4. Affected Qualcomm-based devices receive and attempt to process the frame
  5. The buffer over-read condition triggers, causing a transient denial of service

The vulnerability does not result in data confidentiality or integrity impacts, but can repeatedly disrupt device availability while the attack continues.

Detection Methods for CVE-2026-21381

Indicators of Compromise

  • Unexpected Wi-Fi or wireless connectivity interruptions on Qualcomm-based devices
  • System logs showing NAN protocol errors or wireless subsystem crashes
  • Devices repeatedly losing NAN connections or experiencing service discovery failures
  • Wireless controller or access point logs showing unusual NAN frame patterns

Detection Strategies

  • Monitor wireless network traffic for anomalous NAN protocol frames with unusual length values
  • Implement wireless intrusion detection systems (WIDS) with rules to detect malformed NAN frames
  • Track device stability metrics to identify patterns of wireless subsystem restarts or connectivity drops
  • Review system diagnostic logs for firmware crashes related to NAN or Wi-Fi subsystems

Monitoring Recommendations

  • Enable verbose logging on wireless infrastructure to capture NAN protocol events
  • Deploy wireless sensors capable of monitoring 802.11 management and action frames
  • Establish baseline metrics for device wireless connectivity to detect anomalies
  • Configure alerting on repeated wireless subsystem errors or unexpected device reboots

How to Mitigate CVE-2026-21381

Immediate Actions Required

  • Review the Qualcomm Security Bulletin April 2026 for affected products and patch availability
  • Apply firmware updates from device manufacturers (OEMs) as they become available
  • Consider disabling NAN functionality on affected devices where the feature is not required
  • Implement network segmentation to limit exposure of affected devices to untrusted wireless networks

Patch Information

Qualcomm has addressed this vulnerability in their April 2026 security bulletin. Organizations should monitor their device manufacturers for firmware updates that incorporate the Qualcomm patches. The fix involves adding proper length validation for NAN service data frames to prevent buffer over-read conditions.

For detailed patch information and affected chipset versions, refer to the Qualcomm Security Bulletin April 2026.
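
The length validation described under Root Cause and Patch Information, sketched as an added example; this is not Qualcomm's code or the actual patch. The frame layout, `MAX_SVC_DATA`, and all function names are hypothetical and do not reflect the real NAN service data format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout, for illustration only (NOT the real NAN format):
 *   byte 0 = attribute id, bytes 1-2 = declared payload length (LE),
 *   bytes 3.. = payload. MAX_SVC_DATA is an assumed protocol bound. */
#define HDR_LEN      3u
#define MAX_SVC_DATA 255u

enum { PARSE_OK = 0, ERR_TRUNCATED = -1, ERR_LEN_MISMATCH = -2, ERR_TOO_LONG = -3 };

/* Copy the payload only after the declared length has been checked against
 * the expected bound, the destination size, and the bytes actually received. */
int parse_service_data(const uint8_t *frame, size_t received,
                       uint8_t *out, size_t out_cap, size_t *out_len)
{
    if (!frame || !out || !out_len || received < HDR_LEN)
        return ERR_TRUNCATED;                 /* header itself is incomplete */
    size_t declared = (size_t)frame[1] | ((size_t)frame[2] << 8);
    if (declared > MAX_SVC_DATA || declared > out_cap)
        return ERR_TOO_LONG;                  /* outside expected bounds */
    if (declared > received - HDR_LEN)
        return ERR_LEN_MISMATCH;              /* claims more than was received */
    memcpy(out, frame + HDR_LEN, declared);
    *out_len = declared;
    return PARSE_OK;
}

/* Returns the payload length on success, or a negative error code. */
int check_frame(const uint8_t *frame, size_t received)
{
    uint8_t buf[MAX_SVC_DATA];
    size_t n = 0;
    int rc = parse_service_data(frame, received, buf, sizeof buf, &n);
    return rc == PARSE_OK ? (int)n : rc;
}

/* Constructed sample frames (not captured traffic). */
static const uint8_t good_frame[]  = { 0x01, 0x04, 0x00, 'a', 'b', 'c', 'd' };
static const uint8_t lying_frame[] = { 0x01, 0x40, 0x00, 'a', 'b' }; /* declares 64, carries 2 */
static const uint8_t huge_frame[]  = { 0x01, 0xFF, 0xFF, 'a' };      /* declares 65535 */

int main(void)
{
    printf("good:  %d\n", check_frame(good_frame, sizeof good_frame));
    printf("lying: %d\n", check_frame(lying_frame, sizeof lying_frame));
    printf("huge:  %d\n", check_frame(huge_frame, sizeof huge_frame));
    return 0;
}
```

Rejecting the frame before any copy or field access is what removes the over-read: both the upper bound and the declared-versus-received comparison have to pass.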

Workarounds

  • Disable Neighborhood Awareness Network (NAN) / Wi-Fi Aware functionality on devices where it is not operationally required
  • Limit device exposure to untrusted wireless environments until patches are applied
  • Use enterprise wireless networks with strong access controls to reduce exposure to rogue devices
  • Monitor affected devices for signs of exploitation and isolate any exhibiting symptoms

```bash
# Android devices - Check Wi-Fi Aware status (requires ADB access)
adb shell cmd wifi status | grep -i aware

# To disable Wi-Fi Aware programmatically, application code or MDM policy may be required
# Consult device manufacturer documentation for specific disable procedures
```

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Vulnerability Details

  • Type: DOS
  • Vendor/Tech: Qualcomm
  • Severity: HIGH
  • CVSS Score: 7.5
  • EPSS Probability: 0.03%
  • Known Exploited: No

CVSS Vector

  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Assessment

  • Confidentiality: Low
  • Integrity: None
  • Availability: High

CWE References

  • CWE-126

Vendor Resources

  • Qualcomm Security Bulletin April 2026

Related CVEs

  • CVE-2026-21367: Qualcomm AR8035 Firmware DOS Vulnerability
  • CVE-2025-47384: Qualcomm 5G FWA Platform DOS Vulnerability
  • CVE-2025-47371: Qualcomm 5G FWA Platform DOS Vulnerability
  • CVE-2025-21435: Qualcomm AR8035 Firmware DOS Vulnerability