Skip to main content

Wireshark CVE-2026-6868

| EUVDEUVD-2026-26309 MEDIUM
Stack-based Buffer Overflow (CWE-121)
2026-04-30 GitLab
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

6
Patch released
May 01, 2026 - 19:01 nvd
Patch available
Patch available
Apr 30, 2026 - 07:01 EUVD
Analysis Generated
Apr 30, 2026 - 06:00 vuln.today
EUVD ID Assigned
Apr 30, 2026 - 05:30 euvd
EUVD-2026-26309
Analysis Generated
Apr 30, 2026 - 05:30 vuln.today
CVE Published
Apr 30, 2026 - 05:04 nvd
MEDIUM 5.5

DescriptionCVE.org

HTTP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

AnalysisAI

Stack buffer overflow in Wireshark HTTP protocol dissector (versions 4.6.0-4.6.4 and 4.4.0-4.4.14) causes application crash when processing malformed HTTP packets, resulting in denial of service. Local attackers with ability to trigger packet analysis via user interaction can crash the application and disrupt network traffic inspection workflows.

Technical ContextAI

The vulnerability exists in Wireshark's HTTP protocol dissector, which parses HTTP traffic during network packet capture and analysis. A stack buffer overflow (CWE-121) in the dissector logic allows specially crafted HTTP packets to write beyond allocated stack memory boundaries. This memory corruption crashes the dissector process. The attack requires local access and user interaction (opening a malicious PCAP file or live capture containing the malformed HTTP payload), making this a local denial-of-service vector rather than a network-wide attack.

RemediationAI

Upgrade to Wireshark 4.6.5 or later (4.6.x branch) or 4.4.15 or later (4.4.x LTS branch) to receive the patched HTTP dissector. Users unable to upgrade immediately should avoid opening untrusted PCAP files in Wireshark and disable HTTP protocol dissection if not required (via Wireshark preferences → Protocols → HTTP, though this reduces analysis capability). If live packet capture is necessary, restrict access to Wireshark to trusted analysts and implement endpoint monitoring to detect unexpected Wireshark crashes as an indicator of attack attempts. The Wireshark Foundation advisory at https://www.wireshark.org/security/wnpa-sec-2026-46.html provides release timelines and additional technical details.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Module for Basesystem 15 SP7 Fixed
SUSE Linux Enterprise Module for Desktop Applications 15 SP7 Fixed

Share

CVE-2026-6868 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy