Cyber Posture

CVE-2026-7376

MediumPublic PoC

Published: 30 April 2026

Published
30 April 2026
Modified
06 May 2026
KEV Added
Patch
CVSS Score 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score 0.0002 5.7th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-7376 is a medium-severity NULL Pointer Dereference (CWE-476) vulnerability in Wireshark Wireshark. Its CVSS base score is 5.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 5.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Application or System Exploitation (T1499.004). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly mandates timely remediation of the known NULL pointer dereference flaw in Wireshark sharkd via patching to prevent the DoS crash.

SI-16 Memory Protection good match
prevent

Protects against memory safety vulnerabilities like NULL pointer dereferences (CWE-476) that cause crashes in sharkd.

SI-11 Error Handling partial match
prevent

Ensures graceful error handling for conditions like NULL pointer dereferences to avoid system crashes and DoS in sharkd.

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
attack.mitre.org →
Why these techniques?

NULL pointer dereference in sharkd directly enables local crash for denial of service, matching Application or System Exploitation under Endpoint DoS.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Crash in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Deeper analysisAI

CVE-2026-7376 is a vulnerability affecting the sharkd component in Wireshark versions 4.6.0 through 4.6.4 and 4.4.0 through 4.4.14. It stems from a NULL pointer dereference (CWE-476) that causes a crash, enabling a denial of service condition. The CVSS v3.1 base score is 5.5 (AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H), indicating medium severity with high availability impact.

A local attacker can exploit this vulnerability under low attack complexity with no privileges required, but user interaction is necessary. Exploitation triggers a crash in the sharkd process, resulting in denial of service through high availability disruption, with no impacts on confidentiality or integrity.

Wireshark security advisory WNPA-sec-2026-48 provides details on the issue at https://www.wireshark.org/security/wnpa-sec-2026-48.html. Further discussion and resolution tracking are available in the Wireshark GitLab work item at https://gitlab.com/wireshark/wireshark/-/work_items/21206. Security practitioners should review these resources for patch availability and mitigation guidance.

Details

CWE(s)
CWE-476

Affected Products

wireshark
wireshark
4.4.0 — 4.4.15 · 4.6.0 — 4.6.5

CVEs Like This One

CVE-2026-3202Same product: Wireshark Wireshark
CVE-2026-7379Same product: Wireshark Wireshark
CVE-2026-7378Same product: Wireshark Wireshark
CVE-2026-7375Same product: Wireshark Wireshark
CVE-2026-6519Same product: Wireshark Wireshark
CVE-2025-1492Same product: Wireshark Wireshark
CVE-2026-5654Same product: Wireshark Wireshark
CVE-2026-3203Same product: Wireshark Wireshark
CVE-2026-6520Same product: Wireshark Wireshark
CVE-2026-3201Same product: Wireshark Wireshark

References