Android Security Update March 2026: Patches 129 Vulnerabilities Including Actively Exploited Zero-Day CVE-2026-21385


Google rolled out the March 2026 Android Security Bulletin with fixes for 129 vulnerabilities, one of the biggest patch lists in recent months. The bulletin is split into two patch levels: 2026-03-01 for core Android issues and 2026-03-05 for vendor hardware flaws.

The top threat is CVE-2026-21385, a high-severity zero-day in Qualcomm’s Display component, where an integer overflow triggers memory corruption. Google and Qualcomm have confirmed limited real-world attacks. Devices with Qualcomm chipsets need this patch fast to avoid compromise.

The 2026-03-01 patch level fixes critical flaws too. CVE-2026-0006 is a remote code execution flaw in the System component that attackers can trigger with no user action. CVE-2026-0047 is an elevation-of-privilege flaw in the Android Framework. Flaws of these two kinds are often chained for full device takeover.

Hardware makers like Arm, MediaTek, and Unisoc got 66 fixes in the 2026-03-05 level. The issues span modems, GPUs, and hypervisors. Most are rated critical and lead to privilege escalation or data leaks.

Google Statement: “The March 2026 Security Bulletin addresses 129 vulnerabilities, including actively exploited CVE-2026-21385. Check your patch level now.”

Key Vulnerabilities Patched

CVE ID         | Component       | Type                         | Severity
CVE-2026-21385 | Qualcomm Display | Memory Corruption (Zero-Day) | High
CVE-2026-0006  | System          | Remote Code Execution        | Critical
CVE-2026-0047  | Framework       | Elevation of Privilege       | Critical
CVE-2025-48631 | System          | Denial of Service            | Critical
CVE-2024-43859 | Kernel (F2FS)   | Elevation of Privilege       | Critical

Check your device’s patch level in Settings > Security. Aim for 2026-03-05 or later. Google uses Play Protect to block exploit attempts. The AOSP source code follows in 48 hours for custom ROMs.

Vendor Impacts

  • Qualcomm: Display driver zero-day under attack.
  • MediaTek: Modem and GPU escalation flaws.
  • Arm: Hypervisor privilege gains.
  • Unisoc: Information disclosure risks.

Enterprises should enforce updates via MDM. Watch for odd app behavior or crashes tied to memory bugs.
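
One way to turn the two patch levels into a fleet check, as an added example that is not part of Google's bulletin or this article. It assumes an MDM inventory exported as CSV with hypothetical columns device_id, soc_vendor and security_patch, and that the CVE-2026-21385 fix ships with the 2026-03-05 level.

```python
import csv
import io
from datetime import date

PLATFORM_LEVEL = date(2026, 3, 1)  # core Android fixes
VENDOR_LEVEL = date(2026, 3, 5)    # adds vendor hardware fixes

# Constructed sample export; the column names are hypothetical. security_patch
# holds the value Android reports in ro.build.version.security_patch.
SAMPLE_CSV = """device_id,soc_vendor,security_patch
phone-01,Qualcomm,2026-03-05
phone-02,Qualcomm,2026-03-01
phone-03,MediaTek,2026-02-05
phone-04,Unisoc,2026-03-01
phone-05,Qualcomm,unknown
"""

def parse_level(value):
    """Return the patch level as a date, or None when missing or malformed."""
    try:
        return date.fromisoformat((value or "").strip())
    except ValueError:
        return None

def classify(security_patch, soc_vendor):
    """Return (status, urgent) for one device."""
    level = parse_level(security_patch)
    if level is not None and level >= VENDOR_LEVEL:
        return "covered", False
    # Assumption: the Qualcomm Display fix ships with the vendor level, so any
    # Qualcomm device below 2026-03-05 is still exposed to CVE-2026-21385.
    urgent = (soc_vendor or "").strip().lower() == "qualcomm"
    if level is None:
        return "unknown", urgent
    if level >= PLATFORM_LEVEL:
        return "vendor-fixes-missing", urgent
    return "platform-and-vendor-fixes-missing", urgent

def audit(csv_text):
    """Return non-covered devices as (device_id, status, urgent), urgent first."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        status, urgent = classify(row.get("security_patch"), row.get("soc_vendor"))
        if status != "covered":
            findings.append((row["device_id"], status, urgent))
    return sorted(findings, key=lambda f: (not f[2], f[0]))

if __name__ == "__main__":
    for device_id, status, urgent in audit(SAMPLE_CSV):
        print(f"{device_id}: {status}{' (prioritise: CVE-2026-21385)' if urgent else ''}")
```

A device that reports 2026-03-01 has the platform fixes but not the vendor ones, which is why the check compares against both levels instead of a single cutoff.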

FAQ

What is the main zero-day in the March 2026 Android update?

CVE-2026-21385, a memory corruption flaw in Qualcomm Display caused by an integer overflow.

How many vulnerabilities got patched?

129 total, split across platform and vendor components.

Which patch level covers everything?

2026-03-05 protects against all listed issues.

Are exploits active?

Yes, limited targeted attacks on CVE-2026-21385 have been confirmed.
