CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-13588

mediumCVSS 5.6covered by 1 sourcefirst seen 2026-06-29
A vulnerability was determined in seladb PcapPlusPlus 25.05. The impacted element is the function pcpp::SSLClientHelloMessage::getHandshakeVersion of the file Packet++/src/SSLHandshake.cpp of the component TLS Hello Handler. Executing a manipulation of the argument handshakeVersion can lead to heap-based buffer overflow. It is possible to launch the attack remotely. This attack is characterized by high complexity. The exploitability is regarded as difficult. The exploit has been publicly disclosed and may be utilized. This patch is called 98e671010bc7c87b95898c22ae289220ae92542b. It is best practice to apply a patch to resolve this issue.

⚡ Watch CVE-2026-13588

Get an email if CVE-2026-13588 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-13588

CVE.org record

Embed the live status

CVE-2026-13588 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-13588 status](https://www.csirts.com/badge/CVE-2026-13588)](https://www.csirts.com/cve/CVE-2026-13588)