CVE-2026-3203

5.5 MEDIUM

📋 TL;DR

A vulnerability in Wireshark's RF4CE Profile protocol dissector causes crashes when processing malicious network packets, leading to denial of service. This affects Wireshark users analyzing RF4CE protocol traffic in versions 4.6.0-4.6.3 and 4.4.0-4.4.13.

💻 Affected Systems

Products:
  • Wireshark
Versions: 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13
Operating Systems: All platforms running Wireshark
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects users analyzing RF4CE protocol traffic; other protocol analysis is unaffected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Wireshark crashes repeatedly when analyzing malicious RF4CE traffic, preventing network analysis and potentially disrupting monitoring workflows.

🟠 Likely Case

Wireshark crashes when encountering specially crafted RF4CE packets, requiring restart and potentially losing capture data.

🟢 If Mitigated

Limited impact if Wireshark is not used for RF4CE protocol analysis or if traffic filtering is implemented.

🌐 Internet-Facing: LOW - Wireshark is typically not internet-facing; it's a network analysis tool run locally.
🏢 Internal Only: MEDIUM - Internal users running vulnerable Wireshark versions for network analysis could experience crashes.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending malicious RF4CE packets that the vulnerable Wireshark instance analyzes.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Wireshark 4.6.4 and 4.4.14

Vendor Advisory: https://www.wireshark.org/security/wnpa-sec-2026-07.html

Restart Required: Yes

Instructions:

1. Download latest Wireshark from wireshark.org.
2. Install over existing version.
3. Restart Wireshark.

🔧 Temporary Workarounds

Disable RF4CE protocol dissector

all

Prevents Wireshark from parsing RF4CE traffic, avoiding the crash vulnerability.

wireshark -o rf4ce.desegment:FALSE

Filter RF4CE traffic

all

Use capture filters to exclude RF4CE traffic from analysis.

not rf4ce

🧯 If You Can't Patch

  • Avoid analyzing RF4CE protocol traffic with vulnerable Wireshark versions.
  • Use alternative network analysis tools for RF4CE traffic until patching is possible.

🔍 How to Verify

Check if Vulnerable:

Check Wireshark version via Help → About Wireshark or 'wireshark -v' command.

Check Version:

wireshark -v

Verify Fix Applied:

Verify version is 4.6.4+ or 4.4.14+ and test with RF4CE traffic.
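
Added example (not part of the original advisory): a shell check that turns the version comparison above into something scriptable across analyst workstations. The function names `extract_version` and `classify_version` and the sample output line are constructed for illustration; branches other than 4.6.x and 4.4.x are reported as "not-listed" because this page gives no information about them.

```shell
#!/bin/sh
# Added example: compare a Wireshark version with the ranges listed on this page
# (affected 4.6.0-4.6.3 and 4.4.0-4.4.13; fixed in 4.6.4 and 4.4.14).

# Print the first x.y.z version number found in `wireshark -v` output on stdin.
extract_version() {
    sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1
}

# Print "vulnerable", "fixed", "not-listed" (branch not covered by this page)
# or "unknown" (argument is not a plain x.y.z version).
classify_version() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split into major minor patch; input is digits and dots only
    IFS=$old_ifs
    [ $# -eq 3 ] || { echo unknown; return 0; }
    [ "$1" -eq 4 ] || { echo not-listed; return 0; }
    case "$2" in
        6) first_fixed=4 ;;     # 4.6.x branch: fixed in 4.6.4
        4) first_fixed=14 ;;    # 4.4.x branch: fixed in 4.4.14
        *) echo not-listed; return 0 ;;
    esac
    if [ "$3" -lt "$first_fixed" ]; then echo vulnerable; else echo fixed; fi
}

# Constructed sample of the first line of `wireshark -v` output, used when no
# local wireshark binary is on PATH or the call fails.
SAMPLE='Wireshark 4.4.13 (v4.4.13-0-gconstructed).'

if command -v wireshark >/dev/null 2>&1; then
    out=$(wireshark -v 2>/dev/null) || out=$SAMPLE
else
    out=$SAMPLE
fi
ver=$(printf '%s\n' "$out" | extract_version)
echo "Wireshark ${ver:-?}: $(classify_version "$ver")"
```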

📡 Detection & Monitoring

Log Indicators:

  • Wireshark crash logs, segmentation fault errors in system logs

Network Indicators:

  • RF4CE protocol traffic to monitoring systems

SIEM Query:

EventID: 1000 Application Error for wireshark.exe OR 'segmentation fault' AND 'wireshark'
