Skip to main content

Wireshark CVE-2026-5409

| EUVDEUVD-2026-26322 MEDIUM
Uncontrolled Recursion (CWE-674)
2026-04-30 GitLab
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

6
Patch released
May 01, 2026 - 19:27 nvd
Patch available
Patch available
Apr 30, 2026 - 08:16 EUVD
Analysis Generated
Apr 30, 2026 - 06:48 vuln.today
EUVD ID Assigned
Apr 30, 2026 - 06:30 euvd
EUVD-2026-26322
Analysis Generated
Apr 30, 2026 - 06:30 vuln.today
CVE Published
Apr 30, 2026 - 05:41 nvd
MEDIUM 5.5

DescriptionCVE.org

Monero protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

AnalysisAI

Denial of service in Wireshark versions 4.6.0-4.6.4 and 4.4.0-4.4.14 via malformed Monero protocol packets causes application crash through unbounded recursion in the protocol dissector. Local attackers with user-level privileges can trigger the crash by opening a crafted pcap file or receiving a malicious network packet during live capture, requiring user interaction to open the malicious file but resulting in complete unavailability of the packet analysis tool.

Technical ContextAI

Wireshark's protocol dissectors parse network traffic to extract and display protocol-specific information. The Monero protocol dissector processes Monero blockchain network packets, and this vulnerability stems from CWE-674 (Uncontrolled Recursion), where the dissector fails to properly validate packet structure or enforce recursion depth limits. When processing specially crafted Monero protocol packets, the dissector enters infinite or deeply nested recursive function calls, exhausting the call stack and crashing the application. The CPE cpe:2.3:a:wireshark_foundation:wireshark:*:*:*:*:*:*:*:* indicates all versions of Wireshark are in scope, with specific vulnerable ranges identified.

RemediationAI

Upgrade Wireshark to version 4.6.5 or later (or 4.4.15 or later for the 4.4 branch) to receive the fix for the unbounded recursion in the Monero protocol dissector. No workarounds short of patching are available; however, organizations can reduce exposure by disabling the Monero protocol dissector if not actively analyzing Monero traffic-in Wireshark's protocol preferences, uncheck the Monero dissector, though this eliminates visibility into Monero protocol packets. Alternatively, avoid opening untrusted pcap files from unknown sources or restrict live packet capture to known trusted networks until patched. See vendor advisory at https://www.wireshark.org/security/wnpa-sec-2026-08.html for exact patched version availability and timelines.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Module for Basesystem 15 SP7 Fixed
SUSE Linux Enterprise Module for Desktop Applications 15 SP7 Fixed

Share

CVE-2026-5409 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy