diff --git a/SOURCES/0001-rtpqdm2depay-error-out-if-anyone-tries-to-use-this-e.patch b/SOURCES/0001-rtpqdm2depay-error-out-if-anyone-tries-to-use-this-e.patch
new file mode 100644
index 0000000..d6645d2
--- /dev/null
+++ b/SOURCES/0001-rtpqdm2depay-error-out-if-anyone-tries-to-use-this-e.patch
@@ -0,0 +1,110 @@
+From 63f66492d43c29d8ea70a59567028b21c9c140bb Mon Sep 17 00:00:00 2001
+From: Wim Taymans <wtaymans@redhat.com>
+Date: Tue, 31 Mar 2026 13:17:15 +0200
+Subject: [PATCH] rtpqdm2depay: error out if anyone tries to use this element
+
+Forbid use of this element and comment out all processing code.
+
+There is no plausible reason this code should ever be executed in 2026
+seeing that this was a streaming format produced by Darwin Streaming Server
+ca 2009 which hasn't been in active use for well over a decade.
+
+We simply error out for now as defensive measure and will remove the
+element entirely in the next release cycle.
+
+The processing functions are hairy and rather tedious to fix without
+at least some sample stream at hand.
+
+If anyone actually does have a legitimate need for this element and
+can provide a sample streams, we will happily implement a depayloader
+in Rust.
+
+Fixes ZDI-CAN-28850, ZDI-CAN-28851, ZDI-CAN-28851, ZDI-CAN-28850, GST-SA-2026-0008.
+
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/4903
+Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/4890
+
+Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/10886>
+---
+ .../gst-plugins-good/gst/rtp/gstrtpqdmdepay.c | 25 ++++++++++++++++++-
+ 1 file changed, 24 insertions(+), 1 deletion(-)
+---
+ gst/rtp/gstrtpqdmdepay.c | 25 ++++++++++++++++++++++++-
+ 1 file changed, 24 insertions(+), 1 deletion(-)
+
+diff --git a/gst/rtp/gstrtpqdmdepay.c b/gst/rtp/gstrtpqdmdepay.c
+index 898663aa7..5dbcc548f 100644
+--- a/gst/rtp/gstrtpqdmdepay.c
++++ b/gst/rtp/gstrtpqdmdepay.c
+@@ -50,11 +50,13 @@ GST_STATIC_PAD_TEMPLATE ("sink",
+ G_DEFINE_TYPE (GstRtpQDM2Depay, gst_rtp_qdm2_depay,
+     GST_TYPE_RTP_BASE_DEPAYLOAD);
+ 
++#if 0
+ static const guint8 headheader[20] = {
+   0x0, 0x0, 0x0, 0xc, 0x66, 0x72, 0x6d, 0x61,
+   0x51, 0x44, 0x4d, 0x32, 0x0, 0x0, 0x0, 0x24,
+   0x51, 0x44, 0x43, 0x41
+ };
++#endif
+ 
+ static void gst_rtp_qdm2_depay_finalize (GObject * object);
+ 
+@@ -131,6 +133,7 @@ gst_rtp_qdm2_depay_setcaps (GstRTPBaseDepayload * filter, GstCaps * caps)
+   return TRUE;
+ }
+ 
++#if 0
+ static void
+ flush_data (GstRtpQDM2Depay * depay)
+ {
+@@ -223,10 +226,26 @@ add_packet (GstRtpQDM2Depay * depay, guint32 pid, guint32 len, guint8 * data)
+   memcpy (packet->data + packet->offs, data, len);
+   packet->offs += len;
+ }
++#endif
+ 
+ static GstBuffer *
+ gst_rtp_qdm2_depay_process (GstRTPBaseDepayload * depayload, GstRTPBuffer * rtp)
+ {
++  /* There is no plausible reason this code should ever be executed in 2026
++   * seeing that this was a streaming format produced by Darwin Streaming Server
++   * ca 2009 which hasn't been in active use for well over a decade.
++   *
++   * We simply return here as defensive measure.
++   *
++   * We post an error message in the state change function, so this processing
++   * function should never be reached, we just ifdef the code out for clarity.
++   *
++   * If anyone actually does have a legitimate need for this and can provide
++   * sample streams, we will happily implement a depayloader in Rust.
++   */
++  return NULL;
++
++#if 0
+   GstRtpQDM2Depay *rtpqdm2depay;
+   GstBuffer *outbuf = NULL;
+   guint16 seq;
+@@ -371,6 +390,7 @@ bad_packet:
+         (NULL), ("Packet was too short"));
+     return NULL;
+   }
++#endif
+ }
+ 
+ static GstStateChangeReturn
+@@ -384,7 +404,10 @@ gst_rtp_qdm2_depay_change_state (GstElement * element,
+ 
+   switch (transition) {
+     case GST_STATE_CHANGE_NULL_TO_READY:
+-      break;
++      GST_ELEMENT_ERROR (rtpqdm2depay, STREAM, DECODE,
++          ("This element should not be used."),
++          ("Please report an issue if you encounter this message."));
++      return GST_STATE_CHANGE_FAILURE;
+     case GST_STATE_CHANGE_READY_TO_PAUSED:
+       gst_adapter_clear (rtpqdm2depay->adapter);
+       break;
+-- 
+2.53.0
+
diff --git a/SPECS/gstreamer1-plugins-good.spec b/SPECS/gstreamer1-plugins-good.spec
index 2515917..e29b107 100644
--- a/SPECS/gstreamer1-plugins-good.spec
+++ b/SPECS/gstreamer1-plugins-good.spec
@@ -15,7 +15,7 @@
 
 Name:           gstreamer1-plugins-good
 Version:        1.16.1
-Release:        5%{?gitcommit:.git%{shortcommit}}%{?dist}
+Release:        6%{?gitcommit:.git%{shortcommit}}%{?dist}
 Summary:        GStreamer plugins with good code and licensing
 
 License:        LGPLv2+
@@ -38,6 +38,7 @@ Patch5:		0006-matroskademux-Only-unmap-GstMapInfo-in-WavPack-heade.patch
 Patch6:		0007-matroskademux-Fix-off-by-one-when-parsing-multi-chan.patch
 Patch7:		0008-qtdemux-Fix-integer-overflow-when-allocating-the-sam.patch
 Patch8:		0009-qtdemux-Make-sure-only-an-even-number-of-bytes-is-pr.patch
+Patch9:         0001-rtpqdm2depay-error-out-if-anyone-tries-to-use-this-e.patch
 
 BuildRequires:  gcc
 BuildRequires:  gcc-c++
@@ -180,6 +181,7 @@ to be installed.
 %patch6 -p1
 %patch7 -p1
 %patch8 -p1
+%patch9 -p1
 
 %build
 %configure --disable-silent-rules --disable-fatal-warnings \
@@ -364,6 +366,10 @@ find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';'
 
 
 %changelog
+* Tue Mar 31 2026 Wim Taymans <wtaymans@redhat.com> - 1.16.1-6
+- Add patch for CVE-2026-3083 and CVE-2026-3085
+  Resolves: RHEL-156183, RHEL-156153
+
 * Mon Dec 16 2024 Wim Taymans <wtaymans@redhat.com> - 1.16.1-5
 - CVE-2024-47537, CVE-2024-47539, CVE-2024-47540, CVE-2024-47606,
   CVE-2024-47613