PatchSiren cyber security CVE debrief
CVE-2026-0147 Google CVE debrief
CVE-2026-0147 is an out of bounds write vulnerability in __mfc_core_nal_q_get_dec_metadata_sei_nal of mfc_core_nal_q.c. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
- Vendor
- Product
- Android
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-16
- Original CVE updated
- 2026-06-17
- Advisory published
- 2026-06-16
- Advisory updated
- 2026-06-17
Who should care
Android users and developers
Technical summary
A possible out of bounds write due to a missing bounds check in __mfc_core_nal_q_get_dec_metadata_sei_nal of mfc_core_nal_q.c could lead to remote code execution with no additional execution privileges needed.
Defensive priority
high
Recommended defensive actions
- Apply patches or updates provided by the vendor
- Use secure coding practices to prevent similar vulnerabilities
Evidence notes
Vendor: Unknown Vendor, Product: likely Android
Official resources
-
CVE-2026-0147 CVE record
CVE.org
-
CVE-2026-0147 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2026-0147 was published on 2026-06-16T20:16:25.440Z and modified on 2026-06-16T20:42:25.013Z.