What is the CVSS score of CVE-2026-5402?

CVE-2026-5402 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Wireshark are affected by CVE-2026-5402?

Wireshark versions 4.6.0 through 4.6.4 contain a heap overflow in the TLS dissector that enables remote code execution when users open malicious packet capture files or inspect crafted network…. A patch is available.

Wireshark CVE-2026-5402

EUVD-2026-26318 HIGH

Heap-based Buffer Overflow (CWE-122)

2026-04-30 GitLab

RCE Buffer Overflow Denial Of Service Heap Overflow Red Hat Suse

8.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch released

May 01, 2026 - 19:26 nvd

Patch available

Apr 30, 2026 - 08:16 EUVD

Analysis Updated

Apr 30, 2026 - 07:27 vuln.today

v2 (cvss_changed)

Re-analysis Queued

Apr 30, 2026 - 07:22 vuln.today

cvss_changed

Analysis Generated

Apr 30, 2026 - 06:46 vuln.today

EUVD ID Assigned

Apr 30, 2026 - 06:30 euvd

EUVD-2026-26318

Analysis Generated

Apr 30, 2026 - 06:30 vuln.today

CVE Published

Apr 30, 2026 - 05:39 nvd

HIGH 8.8

DescriptionNVD

TLS protocol dissector heap overflow in Wireshark 4.6.0 to 4.6.4 allows denial of service and possible code execution

AnalysisAI

Heap overflow in Wireshark 4.6.0 through 4.6.4 TLS protocol dissector enables remote code execution when a user opens a malicious capture file or inspects crafted network traffic. The vulnerability requires user interaction (UI:R) but no authentication, making it exploitable via social engineering. …

RemediationAI

Within 24 hours: Restrict Wireshark usage to versions 4.4.x or earlier; disable automatic file opening in Wireshark settings. Within 7 days: Inventory all Wireshark deployments (versions 4.6.0-4.6.4) across the organization; issue security bulletin to users warning against opening capture files from untrusted sources. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory