CVE-2026-3202
Published: 25 February 2026
Summary
CVE-2026-3202 is a medium-severity NULL Pointer Dereference (CWE-476) vulnerability in Wireshark. Its CVSS base score is 4.7 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE is ranked at the 6.2th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-7 (Least Functionality).
Deeper analysis
CVE-2026-3202 affects the NTS-KE protocol dissector in Wireshark versions 4.6.0 through 4.6.3, causing a crash that enables denial of service. Published on 2026-02-25, the vulnerability stems from CWE-476 (NULL Pointer Dereference) and carries a CVSS v3.1 base score of 4.7 (AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H).
An attacker with local access can exploit this vulnerability by crafting malicious input, such as a packet capture file containing malformed NTS-KE traffic, and tricking a user into opening or dissecting it in Wireshark. The attack demands high complexity and user interaction but requires no privileges, resulting solely in high-impact availability disruption through application crash, with no confidentiality or integrity effects.
Mitigation details are available in the Wireshark security advisory at https://www.wireshark.org/security/wnpa-sec-2026-06.html and the associated GitLab issue at https://gitlab.com/wireshark/wireshark/-/issues/21000.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-8661
Vulnerability details
NTS-KE protocol dissector crash in Wireshark 4.6.0 to 4.6.3 allows denial of service
- CWE(s): CWE-476 (NULL Pointer Dereference)
Related Threats
MITRE ATT&CK Enterprise Techniques AI
Why these techniques?
The CVE describes a NULL pointer dereference in Wireshark that directly results in an application crash (DoS) when a crafted pcap is opened; this precisely matches T1499.004 Application or System Exploitation for achieving availability impact via vulnerability-triggered crash.
Mitigating Controls (NIST 800-53 r5) AI
- Directly requires timely application of vendor patches to eliminate the NULL-pointer flaw in the NTS-KE dissector before a crafted pcap can crash Wireshark.
- Mandates robust input validation on untrusted files, which would have prevented the malformed NTS-KE traffic from reaching the dereference code path.
- Restricts installation and execution of protocol analyzers to only those versions and features required, reducing exposure to the vulnerable 4.6.0-4.6.3 code.