CVE-2026-6525
IEEE 802.11 Protocol Dissector Crash in Wireshark
Publication date: 2026-05-02
Last updated on: 2026-05-05
Assigner: GitLab Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wireshark | wireshark | From 4.6.0 (inc) to 4.6.5 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
The immediate and recommended mitigation step is to upgrade Wireshark to version 4.6.5 or later, where this vulnerability has been resolved.
Avoid opening untrusted or suspicious IEEE 802.11 packet capture files that could contain malformed packets designed to trigger the crash.
Monitor for any unexpected crashes when analyzing wireless packet captures and apply updates promptly.
Can you explain this vulnerability to me?
The CVE-2026-6525 vulnerability affects Wireshark versions 4.6.0 to 4.6.4. It involves the IEEE 802.11 protocol dissector crashing when processing malformed packets.
An attacker can exploit this by injecting a malformed packet or tricking a user into opening a malicious packet trace file, causing Wireshark to crash.
This issue was discovered by Nils Bagge and is fixed in Wireshark version 4.6.5 or later.
How can this vulnerability impact me? :
This vulnerability can cause Wireshark to crash unexpectedly when processing certain malformed IEEE 802.11 packets.
An attacker could exploit this to disrupt your use of Wireshark by causing denial of service through crashes.
However, there are no known exploits currently available for this issue.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerability in Wireshark versions 4.6.0 to 4.6.4 is triggered by processing malformed IEEE 802.11 packets, which can cause the dissector to crash.
Detection involves identifying if your Wireshark installation is within the affected versions and monitoring for crashes when opening or analyzing IEEE 802.11 packet captures.
There are no specific commands provided to detect the vulnerability directly on your network or system.
However, you can check your Wireshark version by running the command:
- wireshark --version
To detect potential malformed IEEE 802.11 packets that might trigger the crash, you can analyze capture files for unusual or malformed packets, but no explicit detection commands are provided.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of the CVE-2026-6525 vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.