CVE-2026-3201 - Vulnerability Analysis
MediumCVSS: 4.7Last Updated: February 26, 2026
Wireshark - Denial of Service
Overview
Wireshark 4.4.0 to 4.4.13 and 4.6.0 to 4.6.3 contain a denial of service caused by memory exhaustion in the USB HID protocol dissector, letting attackers cause application crash, exploit requires crafted USB HID packets.
Severity & Score
Impact
Attackers can cause Wireshark to crash, resulting in denial of service.
Mitigation
Update to a version later than 4.6.3 or 4.4.13.
References
Social Media Activity(1 post)
RE: https://infosec.exchange/@geraldcombs/116133603929246605 #Wireshark 4.6.4 resolves 3 denial of service vulnerabilities in the following protocol dissectors:USB HID https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3201NTS-KE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3202RF4CE Profile https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3203 The new release also includes a bug fix for #JA4 fingerprints of TLS handshakes with odd ALPN values as well as an important update of the #SOCKS parser, which now enables more reliable extraction of data from within SOCKS tunnels.
View original postRelated Resources
Details
- CVE ID
- CVE-2026-3201
- Severity
- Medium
- CVSS Score
- 4.7
- Type
- denial_of_service
- Status
- confirmed
- EPSS
- 2.1%
- Social Posts
- 1
CWE
- CWE-1325
- CWE-770
CVSS Metrics
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H