CVE-2026-5402PATCHED

wireshark · wireshark

Heap-based Buffer Overflow in Wireshark

Description

TLS protocol dissector heap overflow in Wireshark 4.6.0 to 4.6.4 allows denial of service and possible code execution

Affected Products

Vendor	Product	Versions
wireshark	wireshark	4.6.0

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
open source	wireshark	cert_advisory	90%

References

https://www.wireshark.org/security/wnpa-sec-2026-14.html
https://gitlab.com/wireshark/wireshark/-/issues/21090(issue-tracking, permissions-required)

Related News (3 articles)

Tier D

Heise Security3h ago

Netzwerkanalysetool Wireshark: Zahlreiche Sicherheitslücken geschlossen

→ No new info (linked only)

Tier B

BSI Advisories4d ago

[NEU] [hoch] Wireshark: Mehrere Schwachstellen

→ No new info (linked only)

Tier C

VulDB4d ago

CVE-2026-5402 | Wireshark up to 4.6.4 TLS Protocol Dissector heap-based overflow (ID 21090)

→ No new info (linked only)

CVSS 3.18.8 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited❌ No

Patch available

4.6.5

CWECWE-122

PublishedApr 30, 2026

Last enriched4d agov2

Trending Score47

Source articles3

Independent3

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-5656EXP

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Wireshark

Trending: 63

HIGHCVE-2026-5405EXP

Heap-based Buffer Overflow in Wireshark

Trending: 63

HIGHCVE-2026-5403EXP

Heap-based Buffer Overflow in Wireshark

Trending: 63

HIGHCVE-2026-5299EXP

Uncontrolled Recursion in Wireshark

Trending: 35

MEDIUMCVE-2026-6537EXP

Stack-based Buffer Overflow in Wireshark

Trending: 34

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 30, 2026

Discovered by ZDM

Apr 30, 2026

Updated: severity

Apr 30, 2026

Patch Available

May 1, 2026

Version History

Last enriched 4d ago

v2Tier C4d ago

Updated severity to CRITICAL and noted that no exploit exists.

severity

via VulDB

v14d ago

Initial creation