Wireshark 4.6.6 Released With Fix for Dissector Crash via

The Wireshark Foundation has released Wireshark 4.6.6, an update primarily addressing a critical security vulnerability in the ROHC (Robust Header Compression) protocol dissector. This flaw could allow an attacker to crash the application by injecting a specially crafted, malformed packet. Additionally, the release resolves over a dozen stability and compatibility bugs impacting Windows users.

The primary security fix targets wnpa-sec-2026-51, a confirmed dissector crash vulnerability tracked under Issue 21243. The flaw resided in Wireshark’s ROHC protocol dissector, a component responsible for parsing compressed IP packet headers.

By injecting a malformed packet into a live capture or supplying a crafted .pcap file, a threat actor could trigger an unhandled crash, disrupting network analysis workflows and potentially destabilizing monitoring environments.

Additionally, a MACsec dissector global-buffer-overflow (Issue 21235) was resolved, which posed a memory safety risk during packet parsing of IEEE 802.1AE-secured traffic. Both flaws were surface-exposed through fuzz testing campaigns conducted in May 2026.

Bug Fixes and Stability Improvements

Beyond the security patches, Wireshark 4.6.6 addresses several high-impact bugs:

• Windows crash under Visual Studio (Work Item 24787) — a development environment regression now resolved
• Uninitialized memory reads in pntoh16 and find_signature within the VeriWave (vwr) file reader (Issues 16460, 16461)
• Windows 10 v1809 incompatibility — Wireshark 4.6.5 failed to run on Windows 10 1809, Server 2019, and certain LTSC editions (Issue 21237)
• Accidental feature removal during upgrades on Windows when optional features weren’t explicitly preserved (Issue 18925)
• Bloated executable size — Wireshark.exe 4.6.5 was twice the size of 4.6.4 due to a packaging issue (Issue 21233)
• Two fuzz job crashes from May 2026 capture files (Issues 21240, 21253)

This release ships with Npcap 1.88, replacing the previously bundled Npcap 1.87, improving low-level packet capture reliability on Windows. No new protocols were introduced, but updated dissector support covers BACapp, MACsec, ROHC, Kafka, SIP, PFCP, BPv7, and several others. Capture file support updates include JSON and VeriWave formats.

On Unix systems, extcap binaries now default to the /usr/libexec/wireshark/extcap directory — a change originally introduced in 4.6.0 but formally documented in this release.

Security teams and network analysts using Wireshark in production or monitoring environments should update to version 4.6.6 immediately, particularly given the ROHC dissector crash risk in environments processing untrusted or external packet captures. Downloads are available at wireshark.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.