Skip to main content

Wireshark EUVDEUVD-2026-26321

| CVE-2026-5408 MEDIUM
Uncontrolled Recursion (CWE-674)
2026-04-30 GitLab
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
6.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

6
Patch released
May 01, 2026 - 19:25 nvd
Patch available
Patch available
Apr 30, 2026 - 08:16 EUVD
Analysis Generated
Apr 30, 2026 - 06:48 vuln.today
EUVD ID Assigned
Apr 30, 2026 - 06:30 euvd
EUVD-2026-26321
Analysis Generated
Apr 30, 2026 - 06:30 vuln.today
CVE Published
Apr 30, 2026 - 05:40 nvd
MEDIUM 5.5

DescriptionCVE.org

BT-DHT protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

AnalysisAI

Wireshark versions 4.6.0-4.6.4 and 4.4.0-4.4.14 crash when processing malformed BT-DHT protocol packets, enabling local denial of service against users who open crafted capture files or sniff untrusted network traffic. The vulnerability requires local access and user interaction (opening a file or viewing live capture), but no authentication is required. EPSS exploitation probability is moderate given the low attack complexity and the prevalence of Wireshark in security operations.

Technical ContextAI

Wireshark is a network packet analyzer that dissects hundreds of protocols in real time. The BT-DHT (BitTorrent Distributed Hash Table) protocol dissector is a built-in parser responsible for decoding DHT messages used in BitTorrent peer discovery. The underlying issue is CWE-674 (uncontrolled recursion), which occurs when the dissector processes maliciously crafted or malformed BT-DHT packets. Recursive function calls within the parser fail to properly validate recursion depth or input bounds, causing stack exhaustion or out-of-bounds memory access, triggering an application crash. The CPE notation cpe:2.3:a:wireshark_foundation:wireshark:*:*:*:*:*:*:*:* indicates the flaw affects all configurations of Wireshark within the specified version ranges.

RemediationAI

Upgrade to Wireshark 4.6.5 or later (for the 4.6.x branch) or Wireshark 4.4.15 or later (for the 4.4.x branch). Users unable to upgrade immediately should avoid opening untrusted BT-DHT packet captures and disable live packet capture from untrusted network segments until patching is possible. If running Wireshark in a shared environment, restrict file access to trusted sources and disable automatic capture features. The vendor advisory at https://www.wireshark.org/security/wnpa-sec-2026-09.html provides exact patch versions and timeline.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Module for Basesystem 15 SP7 Fixed
SUSE Linux Enterprise Module for Desktop Applications 15 SP7 Fixed

Share

EUVD-2026-26321 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy