CVE-2026-3606 is a security vulnerability identified in Ettercap version 0.8.4-Garofalo, a popular open-source network security tool used for man-in-the-middle attacks and network protocol analysis. The vulnerability exists in the add_data_segment function within the etterfilter component, located in the source file src/ettercap/utils/etterfilter/ef_output.c. The flaw is an out-of-bounds read, meaning the function reads memory outside the intended buffer boundaries. This can lead to leakage of sensitive data or cause undefined behavior, including potential crashes. Exploitation requires local access with low privileges, and no user interaction is needed. The vulnerability was responsibly disclosed early to the project, but no patch or response has been issued yet. The CVSS 4.0 vector indicates low attack complexity, no user interaction, and limited scope, resulting in a medium severity score of 4.8. Although no active exploits are known, the public disclosure increases the risk of future exploitation. Ettercap is widely used by security professionals and attackers alike, so this vulnerability could be leveraged in local privilege escalation or information disclosure scenarios if combined with other attack vectors.

The primary impact of CVE-2026-3606 is unauthorized disclosure of memory contents due to out-of-bounds reading, which can expose sensitive information such as credentials, cryptographic keys, or internal program data. While the vulnerability does not directly allow code execution or privilege escalation, it can be a stepping stone in multi-stage attacks. The requirement for local access and low privileges limits remote exploitation but does not eliminate risk in environments where attackers have gained initial footholds. Systems running Ettercap 0.8.4-Garofalo, especially in security monitoring or penetration testing roles, may be at risk of data leakage or instability. The lack of a patch and public exploit disclosure increases the urgency for mitigation. Organizations relying on Ettercap for network analysis or security testing should be aware of potential confidentiality breaches and operational disruptions.

To mitigate CVE-2026-3606, organizations should first avoid using the affected version 0.8.4-Garofalo of Ettercap. If upgrading to a patched version is not yet possible due to the lack of an official fix, consider the following steps: restrict local access to systems running Ettercap to trusted administrators only; employ strict access controls and monitoring to detect unauthorized local activity; use containerization or sandboxing to isolate Ettercap processes and limit memory exposure; monitor logs for unusual Ettercap usage patterns; and consider disabling or removing the etterfilter component if not essential. Additionally, maintain up-to-date backups and prepare for rapid patch deployment once a fix is released. Security teams should also educate users about the risks of local privilege misuse and enforce least privilege principles to reduce attack surface.