diff --git a/0001-riff-Correctly-check-that-enough-RGB-palette-data-is.patch b/0001-riff-Correctly-check-that-enough-RGB-palette-data-is.patch
new file mode 100644
index 0000000..420b82a
--- /dev/null
+++ b/0001-riff-Correctly-check-that-enough-RGB-palette-data-is.patch
@@ -0,0 +1,44 @@
+From 9ed23ad51f1da683dcd5a0646b0b9e76e12f41de Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?=
+Date: Wed, 11 Feb 2026 19:44:34 +0200
+Subject: [PATCH] riff: Correctly check that enough RGB palette data is
+ available
+
+This can otherwise overflow and result in out-of-bounds reads/writes.
+
+Fixes GST-SA-2026-0004, ZDI-CAN-28854, CVE-2026-2921.
+
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/4901
+
+Part-of:
+---
+ subprojects/gst-plugins-base/gst-libs/gst/riff/riff-media.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/subprojects/gst-plugins-base/gst-libs/gst/riff/riff-media.c b/subprojects/gst-plugins-base/gst-libs/gst/riff/riff-media.c
+index 74f99d6ad1..df4c4f09b0 100644
+--- a/subprojects/gst-plugins-base/gst-libs/gst/riff/riff-media.c
++++ b/subprojects/gst-plugins-base/gst-libs/gst/riff/riff-media.c
+@@ -994,7 +994,7 @@ gst_riff_create_video_caps (guint32 codec_fcc,
+ if (palette) {
+ GstBuffer *copy;
+ guint num_colors;
+- gsize size;
++ gsize expected_size, size;
+
+ if (strf != NULL)
+ num_colors = strf->num_colors;
+@@ -1003,7 +1003,9 @@ gst_riff_create_video_caps (guint32 codec_fcc,
+
+ size = gst_buffer_get_size (palette);
+
+- if (size >= (num_colors * 4)) {
++ if (!g_size_checked_mul (&expected_size, num_colors, 4)) {
++ GST_WARNING ("Palette too large: broken file");
++ } else if (size >= expected_size) {
+ guint8 *pdata;
+
+ /* palette is always at least 256*4 bytes */
+--
+2.53.0
+
diff --git a/gstreamer1-plugins-base.spec b/gstreamer1-plugins-base.spec
index 663755c..0f0b901 100644
--- a/gstreamer1-plugins-base.spec
+++ b/gstreamer1-plugins-base.spec
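Review bot: The `g_size_checked_mul` check added in the second riff-media.c hunk carries no comment on what it guards, and where `gsize` is 64 bits wide it cannot fail for a `guint` operand, so a reader may take the branch for dead code. The protection on those targets comes from the product now being held in `gsize` instead of wrapping in 32-bit arithmetic as `num_colors * 4` did; a line such as `/* multiply in gsize: num_colors * 4 could wrap in guint and pass the size check */` above the check would record that. Logging the rejected value, `GST_WARNING ("Palette too large (%u colors): broken file", num_colors);`, would also help triage of malformed files. The body of gst_riff_create_video_caps continues outside both hunks, so how the accepted palette is copied afterwards cannot be checked from here.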
@@ -9,7 +9,7 @@ Name: gstreamer1-plugins-base Version: 1.24.11 -Release: 1%{?dist} +Release: 2%{?dist} Summary: GStreamer streaming media framework base plugins License: LGPL-2.1-or-later @@ -21,7 +21,8 @@ Source0: gst-plugins-base-%{version}.tar.xz %else Source0: http://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-base-%{version}.tar.xz %endif -Patch0: 0001-missing-plugins-Remove-the-mpegaudioversion-field.patch +Patch000: 0001-missing-plugins-Remove-the-mpegaudioversion-field.patch +Patch001: 0001-riff-Correctly-check-that-enough-RGB-palette-data-is.patch BuildRequires: meson >= 0.48.0 BuildRequires: gcc @@ -123,6 +124,7 @@ for the GStreamer Base Plugins library. %prep %setup -q -n gst-plugins-base-%{version} %patch -P 0 -p1 +%patch -P 1 -p3 %build %meson \ @@ -504,6 +506,10 @@ chrpath --delete $RPM_BUILD_ROOT%{_bindir}/gst-play-1.0 %endif %changelog +* Mon Mar 30 2025 Wim Taymans - 1.24.11-2 +- Apply patch for CVE-2026-2921 + Resolves: RHEL-156120 + * Tue Jan 14 2025 Wim Taymans - 1.24.11-1 - Update to 1.24.11 Resolves: RHEL-73675
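Review bot: The new %changelog entry is dated `Mon Mar 30 2025`, which does not fit the rest of the commit: the patch it applies is dated 11 Feb 2026 and fixes CVE-2026-2921, and 30 March 2025 fell on a Sunday whereas 30 March 2026 is a Monday. The year looks like a typo for `Mon Mar 30 2026`. Correcting it keeps the package history consistent with the advisory timeline, and rpmbuild typically reports a weekday mismatch like this one as a bogus changelog date.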