PatchSiren cyber security CVE debrief
CVE-2026-5402 Wireshark Foundation CVE debrief
CVE-2026-5402 is a high-severity vulnerability in Wireshark, a popular network protocol analyzer. The vulnerability is caused by a heap overflow in the TLS protocol dissector, which could lead to denial-of-service (DoS) attacks and potentially allow for code execution. The vulnerability affects Wireshark versions 4.6.0 to 4.6.4. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 8.8, indicating a high level of severity. The vulnerability was publicly disclosed on April 30, 2026, and the record was modified on June 30, 2026.
- Vendor: Wireshark Foundation
- Product: Wireshark
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-04-30
- Original CVE updated: 2026-06-30
- Advisory published: 2026-04-30
- Advisory updated: 2026-06-30
Who should care
Security teams and administrators responsible for managing and maintaining Wireshark installations should be aware of this vulnerability. Additionally, network administrators and users who rely on Wireshark for network protocol analysis should also take note of this vulnerability. This vulnerability could potentially allow attackers to cause denial-of-service (DoS) attacks or execute arbitrary code on affected systems.
Technical summary
The vulnerability is caused by a heap overflow in the TLS protocol dissector in Wireshark. This could allow an attacker to cause a denial-of-service (DoS) attack or potentially execute arbitrary code on an affected system. The vulnerability affects Wireshark versions 4.6.0 to 4.6.4. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating that the vulnerability can be exploited over the network with low attack complexity, requires no privileges but does require user interaction (UI:R), and has a high impact on confidentiality, integrity, and availability.
Defensive priority
High priority should be given to patching or upgrading Wireshark installations to a version that is not vulnerable. Additionally, network administrators should consider implementing compensating controls, such as monitoring network traffic and implementing intrusion detection systems, to help detect and prevent potential attacks.
Recommended defensive actions
- Patch or upgrade Wireshark installations to a version that is not vulnerable.
- Implement compensating controls, such as monitoring network traffic and implementing intrusion detection systems.
- Review and update network protocol analyzer configurations to ensure that only authorized users have access to sensitive information.
- Consider implementing additional security measures, such as network segmentation and isolation, to help prevent lateral movement in case of a successful attack.
- Monitor network traffic and system logs for potential signs of exploitation.
Evidence notes
The vulnerability was publicly disclosed on April 30, 2026, and the record was modified on June 30, 2026. The CVSS score for this vulnerability is 8.8, indicating a high level of severity. The vulnerability affects Wireshark versions 4.6.0 to 4.6.4. The CWE for this vulnerability is CWE-122 (heap-based buffer overflow).
Official resources
- CVE-2026-5402 CVE record: CVE.org
- CVE-2026-5402 NVD detail: NVD
- Source item URL: nvd_modified
- Source reference: [email protected] - Exploit, Issue Tracking
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Source reference: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
This article was generated with AI assistance based on the supplied source corpus.