Wireshark Wireshark

  1. Vendors
  2. Wireshark
  3. Wireshark

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Wireshark.

By the Year

In 2026 there have been 37 vulnerabilities in Wireshark with an average score of 5.7 out of ten. Last year, in 2025 Wireshark had 7 security vulnerabilities published. That is, 30 more vulnerabilities have already been reported in 2026 as compared to last year. Last year, the average CVE base score was greater by 0.78




Year Vulnerabilities Average Score
2026 37 5.71
2025 7 6.49
2024 19 7.09
2023 31 6.01
2022 8 6.35
2021 22 7.37
2020 20 6.58
2019 22 6.88
2018 79 7.27

It may take a day or so for new Wireshark vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Wireshark Security Vulnerabilities

Wireshark 802.11 dissector crash CVE-2026-6525 (4.6.0-4.6.4)
CVE-2026-6525 5.5 - Medium - May 02, 2026

IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.4

NULL Pointer Dereference

Wireshark SBC Codec Crash DoS CVE-2026-5403 (4.4.0-4.4.14, 4.6.0-4.6.4)
CVE-2026-5403 7.8 - High - April 30, 2026

SBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution

Heap-based Buffer Overflow

Wireshark 4.6.x/4.4.x Path Traversal in Profile Import Causing DoS/Exec
CVE-2026-5656 7 - High - April 30, 2026

Profile import path traversal in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution

Directory traversal

Wireshark RDP Dissector Crash (4.6.04.6.4, 4.4.04.4.14) DoS/Code Exec
CVE-2026-5405 7.8 - High - April 30, 2026

RDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution

Heap-based Buffer Overflow

Wireshark 4.6.x/4.4.x Monero Dissector DoS Crash
CVE-2026-5409 5.5 - Medium - April 30, 2026

Monero protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Stack Exhaustion

Wireshark <=4.6.4, <=4.4.14 BT-DHT dissector DoS Crash
CVE-2026-5408 5.5 - Medium - April 30, 2026

BT-DHT protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Stack Exhaustion

Wireshark 4.6.0-4.6.4 & 4.4.0-4.4.14 ICMPv6 PvD Dissector Crash (DoS)
CVE-2026-5299 5.5 - Medium - April 30, 2026

ICMPv6 PvD protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Stack Exhaustion

Wireshark 4.6.x TLS Dissector Heap Overflow (CVE-2026-5402)
CVE-2026-5402 8.8 - High - April 30, 2026

TLS protocol dissector heap overflow in Wireshark 4.6.0 to 4.6.4 allows denial of service and possible code execution

Heap-based Buffer Overflow

SDP dissector crash before 4.6.5 Wireshark 4.6.04.6.4 Denial of Service
CVE-2026-5655 5.5 - Medium - April 30, 2026

SDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 allows denial of service

Dangling pointer

Wireshark 4.6.0-4.6.4 iLBC Codec DoS
CVE-2026-5657 5.5 - Medium - April 30, 2026

iLBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Double-free

Wireshark DCP-ETSI dissector crash before 4.6.5 & 4.4.15 (DoS)
CVE-2026-5653 5.5 - Medium - April 30, 2026

DCP-ETSI protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Heap-based Buffer Overflow

Wireshark 4.6.0-4.6.4 ZigBee dissector CSF DoS
CVE-2026-6537 5.5 - Medium - April 30, 2026

ZigBee protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Stack Overflow

Wireshark 4.6.0-4.6.4 DLMS/COSEM Infinite Loop in Protocol Dissector
CVE-2026-6536 5.5 - Medium - April 30, 2026

DLMS/COSEM protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4

Infinite Loop

Wireshark DoS via zlib Decompress Engine (v4.6.0-4.6.4, v4.4.0-4.4.14)
CVE-2026-6535 5.5 - Medium - April 30, 2026

Dissection engine zlib decompression crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Stack Exhaustion

Wireshark 4.6.x & 4.4.x LZ77 Decompression DOS Crash (4.6.0-4.6.4)
CVE-2026-6533 5.5 - Medium - April 30, 2026

Dissection engine LZ77 decompression crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Stack Exhaustion

Wireshark Kismet Dissector DoS <4.6.5/4.4.15
CVE-2026-6532 5.5 - Medium - April 30, 2026

Kismet protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Buffer Over-read

Wireshark SANE Dissector Infinite Loop (DoS) 4.6.0-4.6.4, 4.4.0-4.4.14
CVE-2026-6531 5.5 - Medium - April 30, 2026

SANE protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Infinite Loop

Wireshark DCP-ETSI Dissector Crash (DoS) 4.4.0-4.4.14 & 4.6.0-4.6.4
CVE-2026-6530 5.5 - Medium - April 30, 2026

DCP-ETSI protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Heap-based Buffer Overflow

Wireshark DoS via iLBC Codec in 4.4.04.4.14 & 4.6.04.6.4
CVE-2026-6529 5.5 - Medium - April 30, 2026

iLBC audio codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Heap-based Buffer Overflow

Wireshark 4.6.0-4.6.4 TLS Dissector Infinite Loop - DoS
CVE-2026-6528 5.5 - Medium - April 30, 2026

TLS protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 allows denial of service

Infinite Loop

Wireshark 4.6.0-4.6.4 & 4.4.0-4.4.14: ASN.1 PER Disc Crash (DoS)
CVE-2026-6527 5.5 - Medium - April 30, 2026

ASN.1 PER protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Stack Exhaustion

Wireshark RTSP dissector crash 4.6.04.6.4 (before 4.6.5)
CVE-2026-6526 5.5 - Medium - April 30, 2026

RTSP protocol dissector crash in Wireshark 4.6.0 to 4.6.4

NULL Pointer Dereference

Wireshark 4.6.x/4.4.x MySQL dissector DoS (CVE-2026-6524)
CVE-2026-6524 5.5 - Medium - April 30, 2026

MySQL protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Access of Uninitialized Pointer

Wireshark GNW Dissector DoS via Infinite Loop (4.4.04.4.14, 4.6.04.6.4)
CVE-2026-6523 5.5 - Medium - April 30, 2026

GNW protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Infinite Loop

Wireshark 4.4.x/4.6.x OpenFlow v6 dissector infinite-loop DoS
CVE-2026-6520 5.5 - Medium - April 30, 2026

OpenFlow v6 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Infinite Loop

Wireshark RPKI-Router Dissector DoS (InfLoop 4.6.0-4.6.4, 4.4.0-4.4.14)
CVE-2026-6522 5.5 - Medium - April 30, 2026

RPKI-Router protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Infinite Loop

Wireshark GSM RP Dissector DoS 4.44.6.x
CVE-2026-6870 5.5 - Medium - April 30, 2026

GSM RP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Access of Uninitialized Pointer

Wireshark 4.6.0-4.6.4 WebSocket Dissector DoS via Protocol Crash
CVE-2026-6869 5.5 - Medium - April 30, 2026

WebSocket protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Stack Exhaustion

Wireshark HTTP Dissector Crash (CVE-2026-6868)
CVE-2026-6868 5.5 - Medium - April 30, 2026

HTTP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Stack Overflow

Wireshark 4.6.x & 4.4.x SHARKD Crash (DoS) until 4.6.5/4.4.15
CVE-2026-7378 5.5 - Medium - April 30, 2026

Crash in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Heap-based Buffer Overflow

Wireshark 4.6.x Memory Leak (sharkd) DoS
CVE-2026-7379 5.5 - Medium - April 30, 2026

Memory leak in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Memory Leak

Wireshark 4.4-4.6 UDS Proto Dissector Infinite Loop DoS
CVE-2026-7375 5.5 - Medium - April 30, 2026

UDS protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Infinite Loop

Wireshark 4.6.x: sharkd Denial of Service CVE-2026-7376
CVE-2026-7376 5.5 - Medium - April 30, 2026

Crash in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

NULL Pointer Dereference

Wireshark RF4CE Profile Dissector DoS in 4.4.0-4.4.13 & 4.6.0-4.6.3
CVE-2026-3203 5.5 - Medium - February 25, 2026

RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service

Buffer Over-read

NTS-KE Dissector Crash in Wireshark 4.6.0-4.6.3 (DoS)
CVE-2026-3202 4.7 - Medium - February 25, 2026

NTS-KE protocol dissector crash in Wireshark 4.6.0 to 4.6.3 allows denial of service

NULL Pointer Dereference

Wireshark 4.4-4.6 USB HID protocol dissector DOS (memory exhaustion)
CVE-2026-3201 4.7 - Medium - February 25, 2026

USB HID protocol dissector memory exhaustion in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service

Stack Exhaustion

Wireshark 4.6.0-4.6.2/4.4.0-4.4.12: SOME/IPSD dissector DoS Crash
CVE-2026-0962 5.3 - Medium - January 14, 2026

SOME/IP-SD protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service

Memory Corruption

Wireshark MEGACO Dissector DoS via Infinite Loop (4.4.0-4.4.11,4.6.0-4.6.1)
CVE-2025-13946 5.5 - Medium - December 03, 2025

MEGACO dissector infinite loop in Wireshark 4.6.0 to 4.6.1 and 4.4.0 to 4.4.11 allows denial of service

Infinite Loop

Wireshark HTTP3 dissector DoS (4.6.0-4.6.1)
CVE-2025-13945 5.5 - Medium - December 03, 2025

HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of service

Stack Exhaustion

Wireshark 4.6.0 BPv7 dissector DoS crash
CVE-2025-13674 5.5 - Medium - November 26, 2025

BPv7 dissector crash in Wireshark 4.6.0 allows denial of service

Access of Uninitialized Pointer

Wireshark 4.4-4.6 DoS via Kafka Dissector Crash
CVE-2025-13499 7.8 - High - November 21, 2025

Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows denial of service

Access of Uninitialized Pointer

Wireshark MONGO dissector DoS via infinite loop 4.2.04.2.13, 4.4.04.4.9
CVE-2025-11626 5.5 - Medium - October 10, 2025

MONGO dissector infinite loop in Wireshark 4.4.0 to 4.4.9 and 4.2.0 to 4.2.13 allows denial of service

Infinite Loop

Wireshark 4.4.0-4.4.6 Column Crash – Denial of Service via Packet Injection
CVE-2025-5601 7.8 - High - June 04, 2025

Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 allows denial of service via packet injection or crafted capture file

Classic Buffer Overflow

Wireshark 4.2-4.4.3 Bundle & CBOR Dissectors DoS (Crashes)
CVE-2025-1492 7.8 - High - February 20, 2025

Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allows denial of service via packet injection or crafted capture file

Stack Exhaustion

Wireshark ECMP Dissector Denial of Service Vulnerability
CVE-2024-11596 7.8 - High - November 21, 2024

ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file

Buffer Over-read

Wireshark FiveCo RAP Dissector Infinite Loop Denial of Service Vulnerability
CVE-2024-11595 7.8 - High - November 21, 2024

FiveCo RAP dissector infinite loop in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file

Infinite Loop

Wireshark 4.4.0 ITS Dissector DoS via Packet Injection/Crafted Capture
CVE-2024-9780 7.8 - High - October 10, 2024

ITS dissector crash in Wireshark 4.4.0 allows denial of service via packet injection or crafted capture file

Missing Initialization of a Variable

Wireshark 4.4.0 & 4.2.04.2.7 Appletalk/RELOAD DSCRASH via Packets (DoS)
CVE-2024-9781 7.8 - High - October 10, 2024

AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file

Improper Handling of Missing Values

Denial of Service via SPRT Dissector Crash in Wireshark 4.0.04.2.0
CVE-2024-8645 5.5 - Medium - September 10, 2024

SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 4.0.15 allows denial of service via packet injection or crafted capture file

Access of Uninitialized Pointer

Wireshark NTLMSSP dissector DoS via packet injection (4.04.2)
CVE-2024-8250 7.8 - High - August 29, 2024

NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file

Dangling pointer

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Wireshark or by Wireshark? Click the Watch button to subscribe.

Wireshark
Vendor

Wireshark
Product

subscribe