What is CVE-2026-0962?

A medium-severity denial of service vulnerability exists in Wireshark versions 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 due to a crash in the SOME/IP-SD protocol dissector. Organizations should address this vulnerability to maintain service availability.

What is the severity of CVE-2026-0962?

CVE-2026-0962 has a severity rating of MEDIUM with a CVSS base score of 5.3.

CVE-2026-0962 | Medium Vulnerability in Wireshark

CVE-2026-0962 is a medium-severity vulnerability affecting Wireshark, specifically versions 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12. This vulnerability allows denial of service due to a crash in the SOME/IP-SD protocol dissector. The CVSS score of 5.3 indicates a moderate impact on availability, which is crucial for organizations relying on network analysis tools.

Organizations using affected versions should be particularly cautious as the vulnerability can lead to service disruptions. While there is no known exploit available at this time, the potential for denial of service means that swift action is required to mitigate risks.

Given the nature of the vulnerability and its implications, organizations should prioritize patching. Wireshark has released updates to address the issue, and organizations should implement these updates as part of their immediate response strategy.

The vulnerability was published on January 14, 2026, and organizations are urged to take action now to ensure their systems remain secure and operational.

Vulnerability Details

The official description notes that the SOME/IP-SD protocol dissector crash in Wireshark versions 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service. The CVSS score from the primary source is 6.5, indicating medium severity, and it reflects the impact of high availability loss.

Technical Analysis

The root cause of this vulnerability is a flaw in the SOME/IP-SD protocol dissector that can lead to a crash when parsing certain input. The attack vector is network-based, which means it could be exploited remotely without physical access to the vulnerable system.

The attack complexity is rated as high, requiring user interaction to trigger the vulnerability. No privileges are required for an attacker to exploit this vulnerability, making it particularly concerning.

This vulnerability impacts availability significantly, and organizations should monitor their systems for any anomalies that could indicate exploitation attempts.

Risk & Impact Analysis

Risk to organizations includes potential service outages as a result of this vulnerability. Given the reliance on Wireshark for network monitoring and analysis, the blast radius could be significant, affecting multiple systems and users.

Organizations should assess the urgency of addressing this vulnerability based on their operational environment. The CVSS score of 6.5 suggests this should be included in the priority patch cycle.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

Affected versions include Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12. Organizations using these versions should upgrade to versions beyond 4.4.12 and 4.6.3 to mitigate this vulnerability.

Mitigation & Remediation

To address this vulnerability, organizations should apply the latest patches provided by Wireshark. Specifically, they should upgrade to versions beyond 4.4.12 and 4.6.3.

In cases where immediate patching is not feasible, implementing network controls to restrict access to vulnerable versions may be necessary. Additionally, monitoring systems for behavioral anomalies can help detect potential exploitation attempts.

For ongoing security posture improvement, organizations may consider engaging in penetration testing to identify similar weaknesses.

Detection Guidance

Monitoring for log indicators associated with abnormal behavior in the Wireshark application can provide early detection of potential exploitation attempts. Behavioral anomalies such as unexpected crashes or high resource usage may indicate that the vulnerability is being targeted.

Network signatures that track specific traffic patterns associated with the SOME/IP-SD protocol can also help in identifying potential threats.

AppSecure Threat Intelligence Insight

From a long-term perspective, CVE-2026-0962 highlights the importance of maintaining regular updates and patches for network analysis tools like Wireshark. As vulnerabilities evolve, continuous assessment of dependencies and their configurations will be critical.

This incident represents a trend toward increasing vulnerabilities in widely used network protocols, emphasizing the need for proactive security measures and robust incident response strategies.

Organizations are advised to enhance their security awareness programs to ensure all stakeholders understand the risks associated with software vulnerabilities and the importance of timely remediation.

For further reading on security best practices, organizations can refer to resources on penetration testing methodology and vulnerability management programs for effective security practices.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2026-0962: Medium Vulnerability in Wireshark