CVE-2026-3203 — Vulnetix

Try Vulnetix Request Demo

CVE-2026-3203 PUBLISHED CVSS 5.5 MEDIUM

USB HID protocol dissector memory exhaustion in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service

EPSS 0.03% · 9.8th percentile

Risk Scores

CVSS v3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS Score

0.03%

9.8th percentile

Affected Products

Vendor	Product	Versions
Wireshark Foundation	Wireshark	4.4.0, 4.4.0, 4.6.0
wireshark	wireshark	4.6.0, 4.4.0, 4.6.0

Timeline

Feb 25, 2026 CVE ID Reserved
Feb 25, 2026 CVE Published
Feb 26, 2026 EPSS Score
Feb 26, 2026 PoC Published
Feb 26, 2026 PoC Published
Feb 27, 2026 EPSS Score
Feb 28, 2026 EPSS Score
Mar 1, 2026 EPSS Score
Mar 2, 2026 EPSS Score
Mar 2, 2026 PoC Published
Mar 3, 2026 EPSS Score
Mar 4, 2026 EPSS Score

References

https://www.wireshark.org/security/wnpa-sec-2026-07.html advisory
https://www.wireshark.org/security/wnpa-sec-2026-06.html advisory
https://www.wireshark.org/security/wnpa-sec-2026-05.html advisory
GitLab Issue #21009 issue
https://nvd.nist.gov/vuln/detail/CVE-2026-3203 advisory
GitLab Issue #20972 issue

Open in Interactive Console →