Denial of Service Vulnerability in Wireshark Product by The Wireshark Team
CVE-2026-6522

5.5MEDIUM

Key Information:

Vendor: Wireshark
Status: Wireshark
Vendor: CVE Published:; 30 April 2026

What is CVE-2026-6522?

The Wireshark application is impacted by a vulnerability in the RPKI-Router protocol dissector which can lead to an infinite loop. This flaw, present in versions 4.6.0 through 4.6.4 and in 4.4.0 through 4.4.14, allows attackers to execute denial of service attacks against the application. By exploiting this vulnerability, an attacker could cause the application to become unresponsive, significantly disrupting network traffic analysis and monitoring functionalities. Immediate updates to the latest version are recommended to mitigate risks associated with this vulnerability.

Affected Version(s)

Wireshark 4.6.0 < 4.6.5

Wireshark 4.4.0 < 4.4.15

References

https://www.wireshark.org/security/wnpa-sec-2026-42.html

https://gitlab.com/wireshark/wireshark/-/work_items/21186

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 30, 2026
Vulnerability Reserved
Apr 17, 2026

Credit

Sharon Brizinov

CVE-2026-6522 Data

JSON