PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-15164 Wireshark Foundation CVE debrief

A medium severity denial of service vulnerability was found in Wireshark's ciscodump feature. The vulnerability affects Wireshark versions 4.4.0 to 4.4.16 and 4.6.0 to 4.6.6. An attacker could exploit this vulnerability to crash the ciscodump feature, leading to a denial of service. This issue is caused by a crash in the ciscodump feature of Wireshark, which is used to capture and analyze Cisco device data. The crash can be triggered by a specially crafted packet. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 5.5, indicating a medium severity level. The CVSS vector is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. Network administrators and security teams should assess their exposure and apply necessary patches or mitigations to prevent potential denial of service attacks. Evidence is limited to public sources and may not reflect the full scope or impact of this vulnerability.

Vendor
Wireshark Foundation
Product
ciscodump
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-08
Original CVE updated
2026-07-10
Advisory published
2026-07-08
Advisory updated
2026-07-10

Who should care

Network administrators and security teams responsible for managing Wireshark installations should be aware of this vulnerability. They should assess their exposure and apply necessary patches or mitigations to prevent potential denial of service attacks.

Technical summary

The vulnerability is caused by a crash in the ciscodump feature of Wireshark. This feature is used to capture and analyze Cisco device data. The crash can be triggered by a specially crafted packet, leading to a denial of service. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 5.5, indicating a medium severity level. The CVSS vector is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H.

Defensive priority

Medium priority should be given to patching or mitigating this vulnerability, as it could be used to disrupt network operations. Network administrators and security teams should assess their exposure and apply necessary patches or mitigations to prevent potential denial of service attacks. Wireshark installations should be reviewed for affected versions, and compensating controls should be considered for exposed systems while remediation is scheduled and verified. Monitoring and detection capabilities should be reviewed to identify potential exploitation attempts. Affected product deployments should be identified in managed environments, and an owner should be assigned for follow-up. Official advisories or CVE records should be reviewed to validate affected scope, severity, and vendor guidance. Exceptions should be tracked, and remediated assets should be retested, with the item only closed after evidence is documented. Vendor-supported updates or mitigations should be planned through normal change control where exposure is confirmed. Relevant monitoring, detection, and logs should be checked for exposed assets that need extra review. Source-grounded technical framing should be used without unsupported root-cause or exploit claims. The vulnerability class and likely operational impact should be considered in defensive planning. Defenders should track changes and updates to Wireshark and be prepared to apply patches or mitigations as they become available. The ciscodump feature should be reviewed for necessity and disabled if not required. Network administrators and security teams should be aware of the potential for denial of service attacks and take steps to mitigate this risk. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 5.5, indicating a medium severity level. The CVSS vector is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. The vulnerability is caused by a crash in the ciscodump feature of Wireshark. This feature is used to capture and analyze Cisco device data. The crash can be triggered by a specially crafted packet, leading to a denial of service. Wireshark versions 4.4.0 to 4.4.16 and 4.6.0 to 4.6.6 are affected by this 5

Recommended defensive actions

  • Inventory Wireshark installations to identify affected versions
  • Apply patches or updates to Wireshark to address the vulnerability
  • Implement network monitoring to detect potential exploitation attempts
  • Consider disabling the ciscodump feature if not required
  • Review official advisories or CVE records to validate affected scope, severity, and vendor guidance
  • Identify affected product deployments in managed environments and assign an owner for follow-up
  • Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed

Evidence notes

The CVE record was published on 2026-07-08T21:16:47.343Z and was last modified on 2026-07-10T13:50:59.683Z. The NVD entry is currently Analyzed. The vulnerability affects Wireshark versions 4.4.0 to 4.4.16 and 4.6.0 to 4.6.6. Evidence is limited to public sources and may not reflect the full scope or impact of this vulnerability. Defenders should verify Wireshark installations and assess exposure based on available information.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-08T21:16:47.343Z and has not been modified since then. The NVD entry is currently Analyzed.