CVE-2026-0128: Information disclosure in Google Android
CVE-2026-0128 is a vulnerability in Google Android involving an out of bounds read caused by an integer overflow in the RtcpFbPacket::decodeRtcpFbPacket function. Exploitation requires user interaction and could lead to remote information disclosure without needing additional execution privileges. No patch or remediation information is currently available.
AI Analysis
Technical Summary
This vulnerability arises from an integer overflow in the decodeRtcpFbPacket function of Android's handling of RTCP feedback packets. The overflow can cause an out of bounds read, potentially allowing an attacker to disclose information remotely. Exploitation requires user interaction, and no additional privileges are necessary. There is no CVSS score or vendor advisory indicating a fix or mitigation at this time.
Potential Impact
Successful exploitation can lead to remote information disclosure on affected Android devices. No privilege escalation or code execution is required. The attacker must convince the user to interact with malicious content to trigger the vulnerability.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or mitigation instructions are currently available.
CVE-2026-0128: Information disclosure in Google Android
Description
CVE-2026-0128 is a vulnerability in Google Android involving an out of bounds read caused by an integer overflow in the RtcpFbPacket::decodeRtcpFbPacket function. Exploitation requires user interaction and could lead to remote information disclosure without needing additional execution privileges. No patch or remediation information is currently available.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability arises from an integer overflow in the decodeRtcpFbPacket function of Android's handling of RTCP feedback packets. The overflow can cause an out of bounds read, potentially allowing an attacker to disclose information remotely. Exploitation requires user interaction, and no additional privileges are necessary. There is no CVSS score or vendor advisory indicating a fix or mitigation at this time.
Potential Impact
Successful exploitation can lead to remote information disclosure on affected Android devices. No privilege escalation or code execution is required. The attacker must convince the user to interact with malicious content to trigger the vulnerability.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or mitigation instructions are currently available.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Google_Devices
- Date Reserved
- 2025-10-23T08:43:29.413Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a31a45c0b89be6888151e96
Added to database: 6/16/2026, 7:30:36 PM
Last enriched: 6/16/2026, 8:01:40 PM
Last updated: 6/17/2026, 4:58:01 AM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.