Skip to main content

Wireshark EUVDEUVD-2026-26319

| CVE-2026-5406 MEDIUM
Uncontrolled Recursion (CWE-674)
2026-04-30 GitLab
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
6.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

6
Patch released
May 01, 2026 - 19:26 nvd
Patch available
Patch available
Apr 30, 2026 - 08:16 EUVD
Analysis Generated
Apr 30, 2026 - 06:48 vuln.today
EUVD ID Assigned
Apr 30, 2026 - 06:30 euvd
EUVD-2026-26319
Analysis Generated
Apr 30, 2026 - 06:30 vuln.today
CVE Published
Apr 30, 2026 - 05:40 nvd
MEDIUM 5.5

DescriptionCVE.org

FC-SWILS protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

AnalysisAI

Wireshark versions 4.6.0-4.6.4 and 4.4.0-4.4.14 crash when processing malformed FC-SWILS (Fibre Channel Switch InterLink Service) protocol packets, enabling denial of service via local or remote delivery of a crafted packet file. The vulnerability requires user interaction (opening a malicious capture file), and no active exploitation has been confirmed at time of analysis.

Technical ContextAI

The FC-SWILS protocol dissector in Wireshark contains an uncontrolled recursion flaw (CWE-674) that triggers a stack overflow or similar resource exhaustion when parsing specially crafted Fibre Channel protocol frames. Fibre Channel is a high-speed network technology used in storage area networks (SANs) and enterprise environments. The dissector is invoked when Wireshark opens a packet capture file or processes live traffic containing FC-SWILS frames. The affected CPE range indicates all Wireshark releases from 4.4.0 through 4.4.14 and 4.6.0 through 4.6.4 are vulnerable. The local attack vector (AV:L) combined with user interaction requirement (UI:R) means exploitation depends on a user opening a malicious .pcap, .pcapng, or similar capture file.

RemediationAI

Upgrade Wireshark to a patched version released after 4.6.4 or 4.4.14 (exact fix version not specified in provided data - consult https://www.wireshark.org/security/wnpa-sec-2026-10.html for the specific patched release). As an interim measure, restrict file-opening permissions to trusted capture sources only, disable FC-SWILS dissection via Wireshark preferences if it is not required for your workflow, or use sandboxing/containerization when analyzing untrusted capture files. Users should avoid opening .pcap or .pcapng files from untrusted sources until patched. Organizations managing shared capture file repositories should implement access controls to limit who can upload new captures.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Module for Basesystem 15 SP7 Fixed
SUSE Linux Enterprise Module for Desktop Applications 15 SP7 Fixed

Share

EUVD-2026-26319 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy