Out-of-Bounds Read Vulnerability in Android Pixels and Nexus Devices
CVE-2026-0157

4.3MEDIUM

Key Information:

Vendor

Google

Status
Vendor
CVE Published:
16 June 2026

What is CVE-2026-0157?

A notable out-of-bounds read vulnerability exists within the RtcpHeader::decodeRtcpHeader method of the Android operating system. The issue arises from a lack of proper bounds checking, potentially enabling attackers to read sensitive information from memory. This vulnerability allows for remote information disclosure without the need for user interaction or additional execution privileges, making it a significant concern for users of Android Pixel and Nexus devices.

Affected Version(s)

Android Android kernel

References

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.