What is the CVSS score of CVE-2026-5403?

CVE-2026-5403 has a CVSS 3.1 base score of 7.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Wireshark are affected by CVE-2026-5403?

Wireshark versions 4.4.0-4.4.14 and 4.6.0-4.6.4 contain a heap buffer overflow in the SBC codec handler that enables local code execution when analysts open malicious packet capture files, creating…. A patch is available.

Wireshark CVE-2026-5403

HIGH

Heap-based Buffer Overflow (CWE-122)

2026-04-30 GitLab

RCE Buffer Overflow Denial Of Service Heap Overflow Red Hat Suse

7.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Apr 30, 2026 - 23:45 vuln.today

Analysis Generated

Apr 30, 2026 - 23:30 vuln.today

CVE Published

Apr 30, 2026 - 23:04 nvd

HIGH 7.8

DescriptionNVD

SBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution

AnalysisAI

Heap buffer overflow in Wireshark's SBC codec handler enables local code execution when processing malicious capture files. Affects Wireshark versions 4.4.0-4.4.14 and 4.6.0-4.6.4. …

RemediationAI

Within 24 hours: identify all Wireshark installations in use across the organization and document current versions. Within 7 days: restrict opening untrusted .pcap files to isolated sandbox environments until patched; review Wireshark Foundation advisory WNPA-sec-2026-16 for available mitigations. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory