CVE-2026-3202
Published: 25 February 2026
Summary
CVE-2026-3202 is a medium-severity NULL Pointer Dereference (CWE-476) vulnerability in Wireshark. Its CVSS base score is 4.7 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). It ranks at the 6.1 percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
Threat & Defense Details
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CVE describes a NULL pointer dereference in Wireshark that directly results in an application crash (DoS) when a crafted pcap is opened; this precisely matches T1499.004 Application or System Exploitation for achieving availability impact via vulnerability-triggered crash.
NVD Description
NTS-KE protocol dissector crash in Wireshark 4.6.0 to 4.6.3 allows denial of service
Deeper analysis
CVE-2026-3202 affects the NTS-KE protocol dissector in Wireshark versions 4.6.0 through 4.6.3, causing a crash that enables denial of service. Published on 2026-02-25, the vulnerability stems from CWE-476 (NULL Pointer Dereference) and carries a CVSS v3.1 base score of 4.7 (AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H).
An attacker with local access can exploit this vulnerability by crafting malicious input, such as a packet capture file containing malformed NTS-KE traffic, and tricking a user into opening or dissecting it in Wireshark. The attack demands high complexity and user interaction but requires no privileges, resulting solely in high-impact availability disruption through application crash, with no confidentiality or integrity effects.
Mitigation details are available in the Wireshark security advisory at https://www.wireshark.org/security/wnpa-sec-2026-06.html and the associated GitLab issue at https://gitlab.com/wireshark/wireshark/-/issues/21000.
Details
- CWE(s)