Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
Automated Password Spray Attacks Target Microsoft Azure CLI
July 1, 2026
Reduce Alert Fatigue to Improve SOC Efficiency and Cut Business Costs
July 1, 2026
Apple Hide My Email Flaw Exposed Real User Email Addresses
July 1, 2026
Home/CyberSecurity News/Critical Wireshark Vulnerabilities Allow Remote Code Execution
CyberSecurity News

Critical Wireshark Vulnerabilities Allow Remote Code Execution

Key Takeaways Wireshark has released a critical security update, version 4.6.5, addressing over 40 vulnerabilities. Multiple flaws, including in the TLS and RDP dissectors, could lead to remote code...

Jennifer sherman
Jennifer sherman
May 1, 2026 4 Min Read
47 0

Key Takeaways

  • Wireshark has released a critical security update, version 4.6.5, addressing over 40 vulnerabilities.
  • Multiple flaws, including in the TLS and RDP dissectors, could lead to remote code execution (RCE).
  • Other vulnerabilities can trigger denial-of-service (DoS) conditions through application crashes or infinite loops.
  • The vulnerabilities can be exploited via specially crafted network packets or malicious capture files.
  • Immediate updates are crucial for all users, particularly those running Wireshark in privileged or automated environments.

Wireshark Patches Critical RCE and DoS Vulnerabilities in Extensive Security Update

Wireshark, the ubiquitous open-source network protocol analyzer, has issued an urgent security release, version 4.6.5, to mitigate more than 40 vulnerabilities. Several of these flaws are severe, potentially enabling remote code execution (RCE) and a wide array of denial-of-service (DoS) attacks. Exploitation could occur through the injection of malformed network packets or by processing malicious capture files.

Table Of Content

  • Key Takeaways
  • Wireshark Patches Critical RCE and DoS Vulnerabilities in Extensive Security Update
  • Remote Code Execution Risks Identified
  • Denial-of-Service Through Dissector Crashes
  • Infinite Loops and Resource Exhaustion
  • Core Decompression Engine Vulnerabilities
  • Affected Versions and Remediation
  • What You Should Do

Given Wireshark’s widespread use in network monitoring, incident response, and traffic analysis, organizations and individual users are strongly advised to update to version 4.6.5 without delay.

Remote Code Execution Risks Identified

The most critical vulnerabilities addressed in this update carry the risk of remote code execution, moving beyond mere application disruption. Four specific dissectors and parsers were found to be susceptible:

  • TLS Dissector (CVE-2026-5402): A parsing error in malformed TLS traffic could lead to a crash with potential code execution (wnpa-sec-2026-14).
  • SBC Codec (CVE-2026-5403): Processing within the SBC audio codec was found to be vulnerable, risking a crash and possible code execution (wnpa-sec-2026-16).
  • RDP Dissector (CVE-2026-5405): Malformed Remote Desktop Protocol (RDP) packets could trigger a crash with potential for code execution (wnpa-sec-2026-17).
  • Profile Import (CVE-2026-5656): Importing malicious profiles could cause a crash with potential code execution (wnpa-sec-2026-21).

These RCE vulnerabilities are particularly concerning because Wireshark is frequently operated with elevated privileges within enterprise security operations centers (SOCs) and IT environments. Successful exploitation could therefore grant attackers significant access to sensitive systems.

Denial-of-Service Through Dissector Crashes

A substantial portion of the vulnerabilities resolved in this update relate to denial-of-service conditions, specifically application crashes when various protocol dissectors encounter malformed or maliciously crafted packets. The affected dissectors cover a broad spectrum of network protocols, including:

  • Monero (CVE-2026-5409), BT-DHT (CVE-2026-5408), FC-SWILS (CVE-2026-5406), ICMPv6 (CVE-2026-5299)
  • AFP (CVE-2026-5401), K12 RF5 file parser (CVE-2026-5404), AMR-NB codec (CVE-2026-5654)
  • SDP (CVE-2026-5655), iLBC audio codec (CVE-2026-5657, CVE-2026-6529), DCP-ETSI (CVE-2026-5653, CVE-2026-6530)
  • BEEP (CVE-2026-6538), ZigBee (CVE-2026-6537), Kismet (CVE-2026-6532)
  • ASN.1 PER (CVE-2026-6527), RTSP (CVE-2026-6526), IEEE 802.11 (CVE-2026-6525)
  • MySQL (CVE-2026-6524), GSM RP (CVE-2026-6870), WebSocket (CVE-2026-6869), HTTP (CVE-2026-6868)

An attacker positioned on the same network segment could trigger these crashes by injecting specially crafted packets, without needing any prior authentication or access to the target system.

Infinite Loops and Resource Exhaustion

Several other vulnerabilities could lead to a sustained denial-of-service by causing Wireshark to enter infinite loops, effectively hanging the application and consuming system resources. These include:

  • SMB2 Dissector (CVE-2026-5407): Malformed SMB2 traffic could trigger an infinite loop (wnpa-sec-2026-11).
  • DLMS/COSEM (CVE-2026-6536), USB HID (CVE-2026-6534), SANE (CVE-2026-6531)
  • GNW (CVE-2026-6523), OpenFlow v5 (CVE-2026-6521), OpenFlow v6 (CVE-2026-6520)
  • MBIM (CVE-2026-6519), RPKI-Router (CVE-2026-6522), TLS Dissector (CVE-2026-6528)

These loop-based flaws pose a significant risk in automated traffic capture environments, where a single malformed packet could permanently halt critical analysis processes.

Core Decompression Engine Vulnerabilities

Beyond individual protocol dissectors, two lower-level vulnerabilities were identified within Wireshark’s core decompression engines:

  • zlib Decompression Crash (CVE-2026-6535): Malformed compressed payloads could corrupt the decompression pipeline, leading to a crash (wnpa-sec-2026-26).
  • LZ77 Decompression Crash (CVE-2026-6533): Specially crafted LZ77-compressed data could trigger a crash during packet dissection (wnpa-sec-2026-28).

These engine-level vulnerabilities are particularly impactful as they affect any protocol that utilizes compressed payloads, significantly expanding the potential attack surface.

Affected Versions and Remediation

The Wireshark development team noted that artificial intelligence (AI)-assisted vulnerability reporting played a role in accelerating the discovery of many of these flaws across numerous protocol modules. Users are strongly urged to update to the latest patched release, Wireshark 4.6.5, which is available for download from the official Wireshark download page.

Organizations that integrate Wireshark into live capture systems or Security Information and Event Management (SIEM) solutions should prioritize this update as critical, especially considering the remote code execution potential in components like TLS, RDP, and SBC.

What You Should Do

  • Update Immediately: Download and install Wireshark 4.6.5 from the official Wireshark website.
  • Review Deployment: Assess where Wireshark is deployed in your environment, especially in automated or privileged contexts.
  • Minimize Privileges: Run Wireshark with the least necessary privileges. While some functions require elevated access, limit this where possible.
  • Isolate Operations: If running Wireshark for analyzing untrusted or external traffic, consider doing so in an isolated virtual machine or sandboxed environment.
  • Monitor for Exploitation: Remain vigilant for any unusual network activity or system behavior that could indicate attempted exploitation.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackCVEExploitPatchSecurityVulnerability

Share Article

Jennifer sherman

Jennifer sherman

Jennifer is a cybersecurity news reporter covering data breaches, ransomware campaigns, and dark web markets. With a background in incident response, Jennifer provides unique insights into how organizations respond to cyber attacks and the evolving tactics of threat actors. Her reporting has covered major breaches affecting millions of users and has helped organizations understand emerging threats. Jennifer combines technical knowledge with investigative journalism to deliver in-depth coverage of cybersecurity incidents.

Previous Post

Anthropic Debuts Claude Security Beta for Enterprise

Next Post

Fake CAPTCHA Campaign Uses SMS Pumping Fraud to Increase Victims’ Phone Bills

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Critical Adobe ColdFusion Vulnerabilities Let Attackers Run Code
July 1, 2026
Critical Buffa Rust Library 0-Day DoS Vulnerability in Anthropic
July 1, 2026
Critical Citrix NetScaler ADC and Gateway Bugs Allow DoS, Memory Overflow
July 1, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us