PatchSiren cyber security CVE debrief
CVE-2026-0127 Google CVE debrief
CVE-2026-0127 is a vulnerability in NrmmMsgCodec::DecodeUPUTransparentContext of cn_NrmmDecoder.cpp. This issue allows for a possible out-of-bounds read due to memory corruption, which could lead to a remote denial of service causing a communication processor crash. No additional execution privileges are needed for exploitation, and user interaction is not required.
- Vendor
- Product
- Android
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-16
- Original CVE updated
- 2026-06-17
- Advisory published
- 2026-06-16
- Advisory updated
- 2026-06-17
Who should care
Users of affected Android devices should apply patches to prevent potential denial-of-service attacks.
Technical summary
The vulnerability is located in NrmmMsgCodec::DecodeUPUTransparentContext of cn_NrmmDecoder.cpp. It allows for an out-of-bounds read due to memory corruption.
Defensive priority
High
Recommended defensive actions
- Apply patches from the vendor as soon as they become available.
- Monitor system logs for signs of potential exploitation attempts.
Evidence notes
The CVE was published on 2026-06-16T20:16:23.637Z and last modified on 2026-06-16T20:42:25.013Z. The vendor is listed as Unknown Vendor with low confidence, and the product name is not specified. The canonical source is reference_domain_weak.
Official resources
-
CVE-2026-0127 CVE record
CVE.org
-
CVE-2026-0127 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2026-0127 was published on 2026-06-16T20:16:23.637Z.