PatchSiren cyber security CVE debrief
CVE-2026-0129 Google CVE debrief
CVE-2026-0129 is a vulnerability in RtcpByePacket::decodeByePacket due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. The CVE was published on {cvePublishedAt} and modified on {cveModifiedAt}.
- Vendor
- Product
- Android
- CVSS
- LOW 3.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-16
- Original CVE updated
- 2026-06-17
- Advisory published
- 2026-06-16
- Advisory updated
- 2026-06-17
Who should care
Users of Android devices should be aware of this vulnerability and take steps to protect themselves.
Technical summary
The vulnerability exists in the RtcpByePacket::decodeByePacket function, where a missing bounds check can lead to remote information disclosure.
Defensive priority
High
Recommended defensive actions
- Apply the patch as soon as possible.
- Use secure communication protocols to prevent exploitation.
Evidence notes
The CVE record and NVD detail can be found at {resourceLinkAnnotations.cve-org} and {resourceLinkAnnotations.nvd}, respectively.
Official resources
-
CVE-2026-0129 CVE record
CVE.org
-
CVE-2026-0129 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2026-0129 was published on 2026-06-16T20:16:23.813Z and modified on 2026-06-16T20:42:25.013Z.