CVE-2026-7378
Published: 30 April 2026
Summary
CVE-2026-7378 is a medium-severity heap-based buffer overflow (CWE-122) vulnerability in Wireshark. Its CVSS base score is 5.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 5.7th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) [AI]
Requires timely identification, reporting, and correction of software flaws such as the heap-based buffer overflow in sharkd, enabling updates to patched Wireshark versions.
Mandates validation of information inputs to detect and reject malformed data that triggers the buffer overflow crash in sharkd during packet capture processing.
Implements runtime memory protections like address space layout randomization and non-executable heap memory to mitigate exploitation of the heap-based buffer overflow.
MITRE ATT&CK Enterprise Techniques [AI]
Why these techniques?
Heap buffer overflow in sharkd causes process crash on malformed input, directly enabling application exploitation for endpoint denial of service.
NVD Description
Crash in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
Deeper analysis [AI]
CVE-2026-7378 is a heap-based buffer overflow vulnerability (CWE-122) in sharkd, the remote dissection daemon component of Wireshark, affecting versions 4.6.0 through 4.6.4 and 4.4.0 through 4.4.14. The flaw triggers a crash when processing malformed input, resulting in a denial-of-service condition. It has a CVSS v3.1 base score of 5.5 (AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H), rated as medium severity due to its local scope and high availability impact.
An attacker with local access can exploit this vulnerability with low complexity and no required privileges, but it necessitates user interaction, such as convincing a user to open or process a specially crafted file or packet capture via sharkd. Successful exploitation causes the sharkd process to crash, disrupting Wireshark's remote dissection functionality and leading to denial of service without affecting confidentiality or integrity.
Wireshark's security advisory WNPA-SEC-2026-49 and the associated GitLab work item (21207) document the issue and provide guidance on mitigation, including recommendations to update to patched versions beyond the affected ranges. Security practitioners should review these references for specific patch details and workarounds.
Details
- CWE(s)