{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/product-vulnerability/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":5.5,"id":"CVE-2026-15163"},{"cvss":5.5,"id":"CVE-2026-15166"},{"cvss":5.5,"id":"CVE-2026-15170"},{"cvss":5.5,"id":"CVE-2026-15172"},{"cvss":4.7,"id":"CVE-2026-15173"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Wireshark 4.6.x","Wireshark 4.4.x"],"_cs_severities":["high"],"_cs_tags":["vulnerability","wireshark","dos","info-disclosure","product-vulnerability"],"_cs_type":"advisory","_cs_vendors":["Wireshark"],"content_html":"\u003cp\u003eMultiple critical vulnerabilities, identified as CVE-2026-15163 through CVE-2026-15174, have been disclosed in Wireshark, a widely-used network protocol analyzer. These flaws affect Wireshark versions 4.6.x prior to 4.6.7 and all versions prior to 4.4.17. Published by CERT-FR on July 9, 2026, these vulnerabilities could enable a remote attacker to trigger a denial of service condition in the application, leading to instability or crashes. Furthermore, certain vulnerabilities could also facilitate an unauthorized compromise of data confidentiality, potentially exposing sensitive information being processed or analyzed by Wireshark. Organizations using vulnerable versions are strongly advised to patch immediately to mitigate the risk of disruption and data exposure posed by these publicly identified security issues.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eAttacker crafts malicious network traffic or capture file\u003c/strong\u003e: An attacker develops specifically malformed network packets or a corrupted capture file (e.g., PCAP, PCAPNG) targeting known vulnerabilities in Wireshark's dissection logic.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDelivery of malicious input (network)\u003c/strong\u003e: The attacker transmits the crafted network traffic over a network segment monitored by a vulnerable Wireshark instance, relying on Wireshark to capture and process it.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDelivery of malicious input (file)\u003c/strong\u003e: Alternatively, the attacker delivers the malicious capture file (e.g., via email, web download, or removable media) to a user of a vulnerable Wireshark installation.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eWireshark processes malicious data\u003c/strong\u003e: The vulnerable Wireshark instance begins to dissect the malicious network traffic it captured or the user manually opens the malicious capture file.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eVulnerability triggered in protocol dissector\u003c/strong\u003e: During the parsing of the malformed data, a flaw within one of Wireshark's protocol dissectors (e.g., memory corruption, infinite loop, buffer overflow) is triggered.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eApplication crash (Denial of Service)\u003c/strong\u003e: The triggered vulnerability causes the Wireshark application to crash unexpectedly, resulting in a denial of service for the user.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePotential information disclosure\u003c/strong\u003e: Depending on the specific vulnerability, an attacker might be able to read or leak sensitive data from the Wireshark process's memory space, leading to a confidentiality breach.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe successful exploitation of these Wireshark vulnerabilities can lead to significant operational disruption for network analysts and security professionals. Remote attackers can cause the Wireshark application to crash, rendering it unusable and impacting ongoing network analysis tasks. Additionally, the data confidentiality breach aspect means that an attacker could potentially gain unauthorized access to sensitive network traffic data or other information residing in the memory of the Wireshark process. While no specific victim counts or targeted sectors are mentioned, any organization using vulnerable Wireshark versions for network monitoring, troubleshooting, or security analysis is at risk of operational downtime and sensitive data exposure.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately patch CVE-2026-15163, CVE-2026-15164, CVE-2026-15165, CVE-2026-15166, CVE-2026-15167, CVE-2026-15168, CVE-2026-15169, CVE-2026-15170, CVE-2026-15171, CVE-2026-15172, CVE-2026-15173, and CVE-2026-15174 by updating all Wireshark installations to version 4.6.7 or later, or 4.4.17 or later, as specified in the affected products section.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-09T14:27:33Z","date_published":"2026-07-09T14:27:33Z","id":"https://feed.craftedsignal.io/briefs/2026-07-wireshark-multivuln/","summary":"Multiple vulnerabilities (CVE-2026-15163 through CVE-2026-15174) have been discovered in Wireshark, impacting versions 4.6.x prior to 4.6.7 and versions prior to 4.4.17, which could allow a remote attacker to cause a denial of service and compromise data confidentiality.","title":"Multiple Vulnerabilities Discovered in Wireshark Leading to DoS and Data Confidentiality Compromise","url":"https://feed.craftedsignal.io/briefs/2026-07-wireshark-multivuln/"}],"language":"en","title":"CraftedSignal Threat Feed - Product-Vulnerability","version":"https://jsonfeed.org/version/1.1"}