CVE-2026-0960

4.7 MEDIUM

📋 TL;DR

This vulnerability in Wireshark's HTTP3 protocol dissector causes an infinite loop when processing specially crafted packets, leading to denial of service. It affects Wireshark users analyzing HTTP3 traffic, potentially causing the application to hang or crash.

💻 Affected Systems

Products:
  • Wireshark
Versions: 4.6.0 to 4.6.2
Operating Systems: Windows, Linux, macOS, Unix-like systems
Default Config Vulnerable: ⚠️ Yes
Notes: Only vulnerable when HTTP3 protocol dissection is enabled (default).

⚠️ Risk & Real-World Impact

🔴 Worst Case

Wireshark becomes completely unresponsive, requiring process termination and potentially losing unsaved packet captures.

🟠 Likely Case

Wireshark hangs or crashes when encountering malicious HTTP3 traffic, disrupting network analysis activities.

🟢 If Mitigated

Limited impact as Wireshark restarts quickly, though analysis interruption occurs.

🌐 Internet-Facing: LOW - Wireshark is typically not internet-facing; exploitation requires local access or packet injection into monitored traffic.
🏢 Internal Only: MEDIUM - Internal attackers could disrupt network analysis by injecting malicious packets into monitored traffic.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires the ability to send specially crafted HTTP3 packets to the network being monitored.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.6.3 and later

Vendor Advisory: https://www.wireshark.org/security/wnpa-sec-2026-04.html

Restart Required: Yes

Instructions:

1. Download Wireshark 4.6.3 or later from wireshark.org.
2. Install over existing version.
3. Restart Wireshark and any related services.

🔧 Temporary Workarounds

Disable HTTP3 dissection (all platforms)

Temporarily disable HTTP3 protocol dissection to prevent the infinite loop.

Edit preferences -> Protocols -> HTTP3 -> Uncheck 'Enable HTTP3 dissection'

🧯 If You Can't Patch

  • Restrict network monitoring to trusted sources only
  • Use network segmentation to isolate Wireshark systems from untrusted traffic

🔍 How to Verify

Check if Vulnerable:

Check the Wireshark version via Help -> About Wireshark. If the version is 4.6.0, 4.6.1, or 4.6.2, the system is vulnerable.

Check Version:

wireshark --version

Verify Fix Applied:

Verify version is 4.6.3 or later and test HTTP3 packet capture functionality.
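The version check above can be scripted for auditing several analyst workstations. The following is an added example, not part of the original advisory or of Wireshark itself; the function names are hypothetical, and it assumes the first line of the `--version` banner carries the product name followed by an x.y.z version.

```shell
#!/bin/sh
# Added example: classify a Wireshark/TShark version banner against the
# range stated on this page (affected 4.6.0 to 4.6.2, fixed in 4.6.3 and later).
# Function names are hypothetical; banner format is an assumption.

# Print the first x.y.z version found on the first line of a banner.
extract_version() {
    printf '%s\n' "$1" |
        sed -n '1s/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Print one of: vulnerable | fixed | not-listed | unknown
# "not-listed" means older than 4.6.0, which this page does not list as affected.
classify_version() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;  # malformed input
        *.*.*) ;;                                           # needs x.y.z
        *) echo unknown; return 0 ;;
    esac
    major=${1%%.*}; rest=${1#*.}
    minor=${rest%%.*}; patch=${rest#*.}; patch=${patch%%.*}
    if [ "$major" -gt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -gt 6 ]; }; then
        echo fixed
    elif [ "$major" -eq 4 ] && [ "$minor" -eq 6 ]; then
        if [ "$patch" -le 2 ]; then echo vulnerable; else echo fixed; fi
    else
        echo not-listed
    fi
}

# Classify a full banner as printed by the tool.
check_banner() {
    classify_version "$(extract_version "$1")"
}

# Typical use on a host with Wireshark installed:
#   check_banner "$(wireshark --version 2>/dev/null)"
#   check_banner "$(tshark --version 2>/dev/null)"
```

An `unknown` result means the banner could not be parsed and the host should be checked by hand via Help -> About Wireshark.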

📡 Detection & Monitoring

Log Indicators:

  • Wireshark process crashes or hangs
  • High CPU usage by Wireshark without completion

Network Indicators:

  • Malformed HTTP3 packets targeting monitored networks

SIEM Query:

ProcessName="wireshark" AND (EventID=1000 OR CPUUsage>90) AND Duration>30s
