GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution Vulnerability

GStreamer contains a remote code execution vulnerability (CVE-2026-3086) rated 7.8 CVSS High severity that allows attackers to execute arbitrary code when the library is used in applications. An attacker can leverage this flaw to gain code execution on systems running vulnerable GStreamer implementations, with the specific attack vectors depending on how individual applications integrate the library. Security teams should prioritize patching GStreamer and applications that depend on it, and review their software inventory to identify all systems using this multimedia framework.