diff --git a/pkgs/development/libraries/gupnp/default.nix b/pkgs/development/libraries/gupnp/default.nix
index bd8151d603e..c91d25123f6 100644
--- a/pkgs/development/libraries/gupnp/default.nix
+++ b/pkgs/development/libraries/gupnp/default.nix
@@ -1,5 +1,6 @@
 { lib, stdenv
 , fetchurl
+, fetchpatch
 , meson
 , ninja
 , pkg-config
@@ -28,6 +29,14 @@ stdenv.mkDerivation rec {
     sha256 = "sha256-96AwfqUfXkTRuDL0k92QRURKOk4hHvhd/Zql3W6up9E=";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2021-33516.patch";
+      url = "https://gitlab.gnome.org/GNOME/gupnp/-/commit/ca6ec9dcb26fd7a2a630eb6a68118659b589afac.patch";
+      sha256 = "sha256-G7e/xNQB7Kp2fPzqVeD/cH3h1co9hZXh55QOUBnAnvU=";
+    })
+  ];
+
   nativeBuildInputs = [
     meson
     ninja