New Android security update addresses 129 vulnerabilities and mitigates an actively exploited zero-day threat.

The eagerly awaited Google March 2026 Android Security Update addresses 129 significant flaws in the system's security infrastructure.

The substantial upgrade is among the most patch-intensive releases seen recently.

The deployment of patches consists of two separate phases: version 2026-03-01 and 2026-03-05, allowing vendors ample time to swiftly implement updates for fundamental Android vulnerabilities prior to tackling intricate problems related to specific devices' hardware configurations.

This document highlights an extremely critical security risk: a rare flaw that attackers have already used for specific, isolated cyberattacks.

Actively Exploited Zero-Day: CVE-2026-21385

In this month's release, CVE-2026-21385 stands out as a critical vulnerability affecting an open-source Qualcomm Display module due to its severe security implications.

The technical assessment suggests that this problem arises due to an integer over/underflow error leading to corrupted memory while performing memory allocations at improper alignments.

google

Field Details

CVE ID CVE-2026-21385

Severity High

Component Qualcomm Display

Issue Integer overflow leading to memory corruption

Impact System instability and device compromise

The status is marked as patched for March 2026; it remains vulnerable to exploitation by only some attackers.

Both Google and Qualcomm confirm they've detected instances where hackers exploit this security flaw for specific purposes only.

Due to this issue being present within the graphics card's driver software, attackers might exploit it to circumvent stringent protection mechanisms and alter vital data storage areas.

Individuals who use Android phones equipped with impacted Qualcomm processors encounter heightened security concerns; they should promptly install this update for enhanced protection.

Past the initial vulnerability assessment, the update scheduled for March 1st of next year addresses multiple significant security issues on the system without requiring any action by users, making it easier for attackers to misuse them.

Among this group, CVE-2026-0006 stands out as particularly perilous; it's an RCE flaw residing within the fundamental System module.

With successful exploitation, an external intruder might execute harmful software without requiring further permissions.

Furthermore, an update was applied to the Android framework addressing CVE-2026-0047, which is classified as a severe privilege escalation flaw.

Exploits tied to EoP vulnerabilities frequently accompany remote code execution attacks for attackers aiming to gain extensive control of infected systems.

Vendor-Specific Component Flaws

A specific update scheduled for March 5th, 2026, targets fixing 66 security flaws discovered across proprietary and public domain computer parts sourced externally.

CVE ID Component Vulnerability Type Severity

CVE-2026-21385 Qualcomm Display Zero-Day (Memory Corruption) High

CVE-2026-0006 System Remote Code Execution (RCE) Critical

CVE-2025-48631 System Denial of Service (DoS) Critical

CVE-2026-0047 Framework Elevation of Privilege (EoP) Critical

CVE-2024-43859 Kernel (F2FS) Elevation of Privilege (EoP) Critical

CVE-2026-0037 Kernel (pKVM) Elevation of Privilege (EoP) Critical

Google worked in conjunction with prominent manufacturers to address critical vulnerabilities affecting devices produced by ARM Holdings, Imagination Technologies Inc. , MediaTek Inc. , and Unisocs Ltd.

These updates resolve several elevated privilege and information disclosure flaws pervasively found in modem devices, virtual machines, and graphics processing unit software components.

The detailed collection of software updates underscores the perpetual difficulty in safeguarding intricate mobile networks against sophisticated cyberattacks.