CVE-2026-0128 | In RtcpFbPacket::decodeRtcpFbPacket, there is a possible out…

Description

In RtcpFbPacket::decodeRtcpFbPacket, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

Metadata

CVE ID: CVE-2026-0128
State: PUBLISHED
Assigner: Google_Devices
Reserved: 2025-10-23 08:43 UTC
Published: 2026-06-16 18:51 UTC
Last updated: 2026-06-16 18:51 UTC
Vendor / Product: Google / Android
Sources: cve.org · NVD

Severity & Metrics

No CVSS data available.

Affected products (1)

Vendor	Product	Platform	Versions
Google	Android	—	Android kernel

Weakness (CWE)

CWE	Source	Description
—	cna	Information disclosure

References (1)

https://source.android.com/docs/security/bulletin/pixel/2026/2026-06-01