ThreatCluster

Multiple Vulnerabilities in Wireshark Allow Denial of Service and Code Execution

First seen 7 May 2026, 11:13 UTC nvd.nist.gov 72% similarity 71

Article Content

Browse articles
ThreatCluster

Two critical vulnerabilities have been identified in Wireshark versions 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14. CVE-2026-5405 involves a crash in the RDP protocol dissector, while CVE-2026-5656 pertains to a profile import path traversal issue. Both vulnerabilities allow for denial of service and potential code execution, affecting users of these Wireshark versions. The vulnerabilities were published on April 30, 2026, and are currently being monitored for active exploitation. Users are advised to check for updates and apply patches as necessary to mitigate risks. The NVD has enriched the CVE records, but further CPE information may be required.

Key Points: • CVE-2026-5405 and CVE-2026-5656 affect Wireshark versions 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14. • Both vulnerabilities allow for denial of service and possible code execution. • Users are urged to apply patches to mitigate the risks associated with these vulnerabilities.

ThreatCluster AI

Timeline

2026-04-30
CVE-2026-5405 and CVE-2026-5656 published
Two vulnerabilities in Wireshark were disclosed, allowing denial of service and potential code execution.
Article 1
2026-05-07
NVD enrichment efforts completed
The NVD updated the CVE records with enriched data, indicating potential missing CPE information.
Article 1

Community

Browse all →