iOS Client for Wire Messaging Application Vulnerability in Wire
CVE-2026-35049

6.5MEDIUM

Key Information:

Vendor: Wireapp
Status: Wire-iOS
Vendor: CVE Published:; 2 June 2026

What is CVE-2026-35049?

The Wire iOS client, used for secure messaging, is susceptible to a vulnerability that causes the application to crash upon receiving a specially crafted Proteus external message. This specific message contains an encrypted payload that is less than 16 bytes, leading to an automated crash sequence immediately after message receipt, without any user action needed. The persistence of this harmful message in the conversation results in a continuous crash loop whenever the application is relaunched, effectively locking users out until they manually clear the local application state. The issue has been addressed in version 4.16.0, which incorporates a necessary length check to prevent such crashes. Users are urged to update to the latest version to ensure their application remains secure.

Affected Version(s)

wire-ios < 4.16.0

References

https://github.com/wireapp/wire-ios/security/advisories/G...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 2, 2026
Vulnerability Reserved
Mar 31, 2026

CVE-2026-35049 Data

JSON

Wireapp

What is CVE-2026-35049?

Affected Version(s)

References

CVSS V3.1

Timeline