CVE-2026-5405EXPLOITEDPATCHED

wireshark · wireshark

Heap-based Buffer Overflow in Wireshark

Description

RDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution

Affected Products

Vendor	Product	Versions
wireshark	wireshark	4.6.0, 4.4.0

References

https://www.wireshark.org/security/wnpa-sec-2026-17.html
https://gitlab.com/wireshark/wireshark/-/issues/21105(issue-tracking, permissions-required)

Related News (2 articles)

Tier D

Heise Security1h ago

Netzwerkanalysetool Wireshark: Zahlreiche Sicherheitslücken geschlossen

→ No new info (linked only)

Tier C

VulDB3d ago

CVE-2026-5405 | Wireshark up to 4.4.14/4.6.4 RDP Protocol Dissector heap-based overflow (ID 21105)

→ No new info (linked only)

CVSS 3.17.8 HIGH

VectorCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

null

CWECWE-122

PublishedApr 30, 2026

Last enriched3d agov2

Trending Score63

Source articles2

Independent2

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-5656EXP

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Wireshark

Trending: 63

HIGHCVE-2026-5403EXP

Heap-based Buffer Overflow in Wireshark

Trending: 63

HIGHCVE-2026-5402

Heap-based Buffer Overflow in Wireshark

Trending: 47

HIGHCVE-2026-5299EXP

Uncontrolled Recursion in Wireshark

Trending: 36

MEDIUMCVE-2026-6537EXP

Stack-based Buffer Overflow in Wireshark

Trending: 34

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 30, 2026

Discovered by ZDM

Apr 30, 2026

Updated: severity, activelyExploited, patchAvailable

May 1, 2026

Actively Exploited

May 2, 2026

Patch Available

May 2, 2026

Version History

Last enriched 3d ago

v2Tier C3d ago

Updated severity to CRITICAL, marked as actively exploited, and noted that no exploit is available.

severityactivelyExploitedpatchAvailable

via VulDB

v13d ago

Initial creation