CVE Catalog

CVE-2026-0149

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.28%

19th percentile - higher than 19% of all known CVEs

Summary

In RtpSession::rtpSendRtcpPacket, there is a possible OOB write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed.

Risk Assessment

This vulnerability poses a serious risk to organizations as it allows remote code execution without user interaction, potentially leading to system takeover.

Recommendation

It is recommended to update the software to the latest version to mitigate this vulnerability and to monitor systems for unauthorized activity.

Original NVD description (English source)

In RtpSession::rtpSendRtcpPacket, there is a possible OOB write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS