PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-5403 Wireshark Foundation CVE debrief

A vulnerability in Wireshark's SBC codec handling can lead to a denial of service and potential code execution. The issue affects Wireshark versions 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14. This CVE has a CVSS score of 7.8 and is considered high severity. The vulnerability is caused by a crash in the SBC codec handling. Users should update to a patched version of Wireshark to mitigate this vulnerability.

Vendor
Wireshark Foundation
Product
Wireshark
CVSS
HIGH 7.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-01
Original CVE updated
2026-06-30
Advisory published
2026-05-01
Advisory updated
2026-06-30

Who should care

Network administrators and security teams responsible for managing Wireshark installations should be aware of this vulnerability. Additionally, developers working with Wireshark or similar network protocol analyzers may need to take precautions. Users of Wireshark versions 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 are at risk and should take action.

Technical summary

The CVE-2026-5403 vulnerability is caused by a crash in the SBC codec handling in Wireshark. This can lead to a denial of service and potentially allow for code execution. The vulnerability affects Wireshark versions 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 7.8, indicating high severity. The CVSS vector is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Defensive priority

This vulnerability has a high CVSS score of 7.8, indicating that it should be prioritized for remediation. Network administrators and security teams should take immediate action to update Wireshark to a patched version.

Recommended defensive actions

  • Update Wireshark to a patched version (4.6.5 or later, or 4.4.15 or later)
  • Review and apply vendor-provided security advisories and patches
  • Monitor network traffic and system logs for potential exploitation attempts
  • Consider implementing compensating controls, such as network segmentation or access restrictions
  • Verify that Wireshark installations are up-to-date and compliant with organizational security policies

Evidence notes

The CVE-2026-5403 vulnerability is documented in the official CVE record and NVD detail pages. Additional information can be found in vendor advisories and issue tracking systems. The vulnerability affects Wireshark versions 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14.

Official resources

This article is AI-assisted and based on the supplied source corpus.