Skip to main content

Wireshark CVE-2026-6867

| EUVDEUVD-2026-26346 MEDIUM
Improperly Controlled Sequential Memory Allocation (CWE-1325)
2026-04-30 GitLab
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
6.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

6
Patch released
May 01, 2026 - 18:15 nvd
Patch available
Patch available
Apr 30, 2026 - 08:16 EUVD
Analysis Generated
Apr 30, 2026 - 06:45 vuln.today
EUVD ID Assigned
Apr 30, 2026 - 06:30 euvd
EUVD-2026-26346
Analysis Generated
Apr 30, 2026 - 06:30 vuln.today
CVE Published
Apr 30, 2026 - 05:33 nvd
MEDIUM 5.5

DescriptionCVE.org

SMB2 protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

AnalysisAI

Wireshark SMB2 protocol dissector crashes when processing malformed packets, causing denial of service in versions 4.6.0-4.6.4 and 4.4.0-4.4.14. A local attacker with low privileges can trigger the crash by crafting a malicious SMB2 packet and inducing the user to open it in Wireshark, resulting in application termination and loss of packet capture capability. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Attacker crafts malformed SMB2 packet
Delivery
Embeds packet in .pcap file
Exploit
Delivers file to analyst via email or web
Install
Analyst opens file in Wireshark
C2
SMB2 dissector parses malicious frame
Execute
Dissector crashes
Impact
Wireshark application terminates

Vulnerability AssessmentAI

Exploitation Exploitation requires: (1) the target system has Wireshark 4.6.0-4.6.4 or 4.4.0-4.4.14 installed with the SMB2 dissector enabled (default configuration), (2) a local or network-adjacent attacker can deliver a malformed SMB2 packet to the user (e.g., via email, web download, or shared network folder), and (3) the user must open the malicious packet file in Wireshark with the GUI application. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Risk is moderate. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker crafts a malformed SMB2 packet embedded in a .pcap file and distributes it via email or a file-sharing service with a misleading filename (e.g., 'network_capture_20260115.pcap'). A network analyst or incident responder, unaware of the payload, opens the file in Wireshark to investigate the network traffic. …
Remediation Upgrade to Wireshark 4.6.5 or later (stable series) or 4.4.15 or later (legacy series) to receive the vendor-released patch. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Module for Basesystem 15 SP7 Fixed
SUSE Linux Enterprise Module for Desktop Applications 15 SP7 Fixed

Share

CVE-2026-6867 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy