Skip to main content

Wireshark CVE-2026-6520

| EUVDEUVD-2026-26328 MEDIUM
Loop with Unreachable Exit Condition (Infinite Loop) (CWE-835)
2026-04-30 GitLab
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
6.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

6
Patch released
May 01, 2026 - 16:37 nvd
Patch available
Patch available
Apr 30, 2026 - 08:16 EUVD
Analysis Generated
Apr 30, 2026 - 06:46 vuln.today
EUVD ID Assigned
Apr 30, 2026 - 06:30 euvd
EUVD-2026-26328
Analysis Generated
Apr 30, 2026 - 06:30 vuln.today
CVE Published
Apr 30, 2026 - 05:34 nvd
MEDIUM 5.5

DescriptionCVE.org

OpenFlow v6 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

AnalysisAI

Wireshark versions 4.6.0 through 4.6.4 and 4.4.0 through 4.4.14 are vulnerable to a denial of service attack via an infinite loop in the OpenFlow v6 protocol dissector, triggered when processing malformed OpenFlow traffic. A local attacker with user interaction can crash the Wireshark application by crafting a malicious packet capture file or live traffic stream, rendering packet analysis unavailable until the process is restarted. No authentication is required, and the CVSS score of 5.5 reflects local attack vector with high availability impact.

Technical ContextAI

Wireshark is a network packet analyzer that dissects protocols from captured traffic using modular dissector plugins. The OpenFlow v6 protocol dissector is responsible for parsing OpenFlow protocol frames, which are used in Software-Defined Networking (SDN) for network switch communication. The vulnerability exists in CWE-835 (Infinite Loop), a code path in the dissector that fails to properly validate or bound-check packet structure during parsing. When the dissector encounters a specially crafted OpenFlow v6 frame with malformed fields, it enters an uncontrolled loop without a proper exit condition, consuming CPU cycles until manual intervention or timeout. The affected CPE indicates all Wireshark versions matching the specified ranges are vulnerable regardless of platform or configuration.

RemediationAI

Upgrade to patched versions: Wireshark 4.6.5 or later to remediate the 4.6.x branch, or Wireshark 4.4.15 or later to remediate the 4.4.x branch. Complete update details and additional patched versions are available at https://www.wireshark.org/security/wnpa-sec-2026-40.html. Until patching is feasible, apply the following compensating controls with trade-offs: (1) Restrict Wireshark usage to trusted or pre-filtered packet capture files only, avoiding analysis of live untrusted network traffic - this eliminates the attack vector if malicious packets cannot reach Wireshark but reduces detection capability for inline monitoring. (2) Disable or remove the OpenFlow v6 dissector plugin if SDN protocol analysis is not required - this eliminates the vulnerable code path but sacrifices OpenFlow protocol visibility. (3) Run Wireshark in a sandboxed or isolated environment (virtual machine, container) so that denial of service impacts only the analysis environment, not production systems - this mitigates availability impact but adds operational overhead. (4) Implement input validation at the packet capture source, filtering out malformed OpenFlow frames before they reach Wireshark - this requires network-level access and signature-based filtering, which may be difficult if OpenFlow variants are poorly documented. The vendor-supplied patch is the most reliable remediation.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Module for Basesystem 15 SP7 Fixed
SUSE Linux Enterprise Module for Desktop Applications 15 SP7 Fixed

Share

CVE-2026-6520 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy