Skip to main content

Wireshark CVE-2026-6521

| EUVDEUVD-2026-26329 MEDIUM
Loop with Unreachable Exit Condition (Infinite Loop) (CWE-835)
2026-04-30 GitLab
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
6.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

6
Patch released
May 01, 2026 - 19:27 nvd
Patch available
Patch available
Apr 30, 2026 - 08:16 EUVD
Analysis Generated
Apr 30, 2026 - 06:45 vuln.today
EUVD ID Assigned
Apr 30, 2026 - 06:30 euvd
EUVD-2026-26329
Analysis Generated
Apr 30, 2026 - 06:30 vuln.today
CVE Published
Apr 30, 2026 - 05:34 nvd
MEDIUM 5.5

DescriptionCVE.org

OpenFlow v5 protocol dissector infinite loops in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

AnalysisAI

Wireshark versions 4.6.0-4.6.4 and 4.4.0-4.4.14 are vulnerable to denial of service via infinite loops in the OpenFlow v5 protocol dissector when processing maliciously crafted packets. An attacker can trigger CPU exhaustion and application hang by delivering a specially crafted OpenFlow v5 packet to a user running an affected version, requiring user interaction (opening a capture file or live packet capture). No public exploit code has been identified, but the vulnerability is straightforward to trigger once the root cause is known.

Technical ContextAI

The OpenFlow v5 protocol dissector in Wireshark is responsible for parsing and displaying OpenFlow switching protocol messages in captured network traffic. The vulnerability resides in a parsing loop (CWE-835: Infinite Loop) that fails to properly validate or advance through packet data structures, causing the dissector to loop indefinitely when encountering specific malformed OpenFlow v5 message payloads. This affects the dissector layer of Wireshark's architecture, which processes raw packet bytes before display. The affected CPE indicates all versions of Wireshark from the foundation are potentially impacted within the stated version ranges.

RemediationAI

Upgrade to Wireshark 4.6.5 or later (for 4.6.x users) or 4.4.15 or later (for 4.4.x users). Both fixes address the infinite loop in the OpenFlow v5 dissector. Pending patching, restrict Wireshark packet analysis to known-trusted pcap files and disable live packet capture from untrusted network segments. Additionally, consider disabling the OpenFlow v5 dissector in Wireshark's protocol preferences if OpenFlow traffic analysis is not required in your environment (Edit → Preferences → Protocols → OpenFlow v5 → uncheck enabled). This workaround eliminates the attack surface for the specific protocol. Monitor Wireshark process CPU usage when opening pcap files from external sources; sustained 100% CPU with unresponsive UI may indicate exploitation. Refer to https://www.wireshark.org/security/wnpa-sec-2026-39.html for official patch delivery and https://gitlab.com/wireshark/wireshark/-/work_items/21182 for technical fix details.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Module for Basesystem 15 SP7 Fixed
SUSE Linux Enterprise Module for Desktop Applications 15 SP7 Fixed

Share

CVE-2026-6521 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy