Google has released a security bulletin addressing nearly 130 vulnerabilities, including the critical zero-day (CVE-2026-21385) in Qualcomm chips that could allow attackers to gain unauthorized control of affected Android devices.

Affected systems

Multiple Android devices using Qualcomm Snapdragon processors

Security Risks

Identified vulnerabilities in Qualcomm components may be exploited by attackers with access to a device, potentially enabling execution of malicious code or unauthorized control, which could compromise device functionality and user data.

For the complete list of security patches released by Google, please refer to the Android Security Bulletin - March 2026.

Recommended Actions

The National Cyber Security Authority (NCSA) recommends users and system administrators to:

• Follow and implement the security updates provided by Google to reduce the risk of vulnerability exploitation. For additional information on Android platform protections and Google Play Protect, refer to Android and Google Play Protect mitigations.

• Before updating or patching, please ensure that you have the latest backup that can easily be restored.

For further information and support, please contact the National Cyber Security Authority (NCSA) by email to rwcsirt@ncsa.gov.rw or call us on 9009.

References

• https://source.android.com/docs/security/bulletin/2026/2026-03-01

• https://www.securityweek.com/android-update-patches-exploited-qualcomm-zero-day/

• https://docs.qualcomm.com/securitybulletin/march-2026-bulletin.html