PatchSiren cyber security CVE debrief
CVE-2026-0130 Google CVE debrief
CVE-2026-0130 is a vulnerability in the RtcpChunk::decodeRtcpChunk function that could lead to a possible out of bounds read due to a heap buffer overflow. This could result in remote information disclosure with no additional execution privileges needed. User interaction is required for exploitation. The CVE was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-0130) and last modified on [cveModifiedAt](https://nvd.nist.gov/vuln/detail/CVE-2026-0130).
- Vendor
- Product
- Android
- CVSS
- LOW 3.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-16
- Original CVE updated
- 2026-06-17
- Advisory published
- 2026-06-16
- Advisory updated
- 2026-06-17
Who should care
Android users and developers should be aware of this vulnerability and take necessary precautions to ensure their devices are updated with the latest security patches.
Technical summary
The vulnerability is caused by a heap buffer overflow in the RtcpChunk::decodeRtcpChunk function. This could lead to a possible out of bounds read, resulting in remote information disclosure.
Defensive priority
high
Recommended defensive actions
- Update devices with the latest security patches.
- Review and apply updates from the vendor.
Evidence notes
The vendor is listed as Unknown Vendor, but there is evidence that the vulnerability affects Android.
Official resources
-
CVE-2026-0130 CVE record
CVE.org
-
CVE-2026-0130 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2026-0130 was published on 2026-06-16T20:16:23.900Z and last modified on 2026-06-16T20:42:25.013Z.