CVE-2026-13589
seladb PcapPlusPlus Telnet Subnegotiation Packet TelnetLayer.cpp getSubCommand heap-based overflow
CVSS Score
5.6
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability was identified in seladb PcapPlusPlus 25.05. This affects the function pcpp::TelnetLayer::getSubCommand of the file Packet++/src/TelnetLayer.cpp of the component Telnet Subnegotiation Packet Handler. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is reported as difficult. The exploit is publicly available and might be used. The identifier of the patch is 98e671010bc7c87b95898c22ae289220ae92542b. It is recommended to apply a patch to fix this issue.
| CWE | CWE-122 CWE-119 |
| Vendor | seladb |
| Product | pcapplusplus |
| Published | Jun 29, 2026 |
| Last Updated | Jun 29, 2026 |
Stay Ahead of the Next One
Get instant alerts for seladb pcapplusplus
Be the first to know when new medium vulnerabilities affecting seladb pcapplusplus are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
seladb / PcapPlusPlus
25.05
References
vuldb.com: https://vuldb.com/vuln/374592 vuldb.com: https://vuldb.com/vuln/374592/cti vuldb.com: https://vuldb.com/cve/CVE-2026-13589 vuldb.com: https://vuldb.com/submit/844482 github.com: https://github.com/seladb/PcapPlusPlus/issues/2152 github.com: https://github.com/seladb/PcapPlusPlus/pull/2161 github.com: https://github.com/user-attachments/files/28214571/poc.zip github.com: https://github.com/seladb/PcapPlusPlus/commit/98e671010bc7c87b95898c22ae289220ae92542b github.com: https://github.com/seladb/PcapPlusPlus/
Credits
๐ TYGLS (VulDB User)