PatchSiren cyber security CVE debrief
CVE-2026-0160 Google CVE debrief
CVE-2026-0160 is a vulnerability in the TextRtpPayloadDecoderNode component. An out-of-bounds write can lead to remote code execution with no additional execution privileges needed. User interaction is not required for exploitation. The CVE was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-0160) and last modified on [cveModifiedAt](https://nvd.nist.gov/vuln/detail/CVE-2026-0160).
- Vendor
- Product
- Android
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-16
- Original CVE updated: 2026-06-17
- Advisory published: 2026-06-16
- Advisory updated: 2026-06-17
Who should care
Android users and developers should be aware of this vulnerability. The [source reference](ref-4) provides additional information on the security bulletin.
Technical summary
The vulnerability is caused by a missing bounds check in TextRtpPayloadDecoderNode::DecodeT140 in TextRtpPayloadDecoderNode.cpp. This can lead to an out-of-bounds write, potentially allowing remote code execution.
Defensive priority
high
Recommended defensive actions
- Apply patches or updates from the vendor as soon as available.
- Review and follow security guidelines provided by the vendor.
Evidence notes
The vendor and product information is currently unknown. The [CVE record](cve-org) and [NVD detail](nvd) provide additional information on the vulnerability.
Official resources
- CVE-2026-0160 CVE record (CVE.org)
- CVE-2026-0160 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference
CVE-2026-0160 was published on 2026-06-16T20:16:26.517Z and last modified on 2026-06-16T20:42:25.013Z.