{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/wireshark/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["Wireshark 4.4.x","Wireshark 4.6.x"],"_cs_severities":["high"],"_cs_tags":["wireshark","vulnerability","rce","dos"],"_cs_type":"advisory","_cs_vendors":["Wireshark"],"content_html":"\u003cp\u003eOn April 30, 2026, CERT-FR published an advisory regarding multiple vulnerabilities discovered in Wireshark, a widely used network protocol analyzer. The vulnerabilities affect Wireshark versions 4.4.x prior to 4.4.15 and 4.6.x prior to 4.6.5. Successful exploitation of these vulnerabilities could lead to remote code execution (RCE), denial-of-service (DoS) conditions, and unauthorized disclosure of sensitive data. Given Wireshark\u0026rsquo;s role in network analysis, these vulnerabilities pose a significant risk to organizations using the tool for monitoring and troubleshooting network traffic. These vulnerabilities highlight the importance of keeping software up to date, especially software that handles sensitive data.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker crafts a malicious network packet or capture file.\u003c/li\u003e\n\u003cli\u003eThe victim opens the malicious packet or capture file in a vulnerable version of Wireshark (4.4.x before 4.4.15 or 4.6.x before 4.6.5).\u003c/li\u003e\n\u003cli\u003eWireshark parses the packet or file using a vulnerable dissector.\u003c/li\u003e\n\u003cli\u003eThe vulnerable dissector fails to properly handle the malformed data, leading to a buffer overflow or other memory corruption issue.\u003c/li\u003e\n\u003cli\u003eThe memory corruption allows the attacker to overwrite critical program data or inject malicious code.\u003c/li\u003e\n\u003cli\u003eThe injected code is executed within the context of the Wireshark process.\u003c/li\u003e\n\u003cli\u003eThe attacker gains control of the Wireshark process.\u003c/li\u003e\n\u003cli\u003eThe attacker performs unauthorized actions, such as exfiltrating sensitive data or causing a denial-of-service condition.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of these vulnerabilities can have severe consequences, including remote code execution, potentially allowing an attacker to gain complete control over the affected system. A denial-of-service condition can disrupt network analysis activities and hinder incident response efforts. Data confidentiality can be compromised if an attacker gains access to sensitive network traffic data captured by Wireshark. The impact is significant for network administrators and security professionals who rely on Wireshark for network monitoring and analysis.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately upgrade Wireshark to version 4.4.15 or 4.6.5 or later to patch the vulnerabilities (refer to the Wireshark security advisories wnpa-sec-2026-08 through wnpa-sec-2026-50).\u003c/li\u003e\n\u003cli\u003eImplement network access controls to limit exposure of Wireshark instances to untrusted network traffic, reducing the likelihood of processing malicious packets.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Wireshark opening network capture files from untrusted locations\u0026rdquo; to identify potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eMonitor systems running vulnerable versions of Wireshark for suspicious activity, such as unexpected process crashes or unauthorized network connections.\u003c/li\u003e\n\u003cli\u003eConsider using alternative packet analysis tools or sandboxing Wireshark for analyzing potentially malicious network traffic.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-30T00:00:00Z","date_published":"2026-04-30T00:00:00Z","id":"/briefs/2026-04-wireshark-vulns/","summary":"Multiple vulnerabilities in Wireshark versions 4.4.x before 4.4.15 and 4.6.x before 4.6.5 could allow remote attackers to execute arbitrary code, cause a denial of service, or compromise data confidentiality.","title":"Multiple Vulnerabilities in Wireshark Lead to Remote Code Execution and Denial of Service","url":"https://feed.craftedsignal.io/briefs/2026-04-wireshark-vulns/"}],"language":"en","title":"CraftedSignal Threat Feed — Wireshark","version":"https://jsonfeed.org/version/1.1"}