CVE-2026-6525
Analyzed Analyzed - Analysis Complete
IEEE 802.11 Protocol Dissector Crash in Wireshark

Publication date: 2026-05-02

Last updated on: 2026-05-05

Assigner: GitLab Inc.

Description
IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.4
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-02
Last Modified
2026-05-05
Generated
2026-06-16
AI Q&A
2026-05-02
EPSS Evaluated
2026-06-15
NVD
CVE-2026-6525
EUVD
EUVD-2026-26785
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wireshark wireshark From 4.6.0 (inc) to 4.6.5 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

The immediate and recommended mitigation step is to upgrade Wireshark to version 4.6.5 or later, where this vulnerability has been resolved.

Avoid opening untrusted or suspicious IEEE 802.11 packet capture files that could contain malformed packets designed to trigger the crash.

Monitor for any unexpected crashes when analyzing wireless packet captures and apply updates promptly.

Executive Summary

The CVE-2026-6525 vulnerability affects Wireshark versions 4.6.0 to 4.6.4. It involves the IEEE 802.11 protocol dissector crashing when processing malformed packets.

An attacker can exploit this by injecting a malformed packet or tricking a user into opening a malicious packet trace file, causing Wireshark to crash.

This issue was discovered by Nils Bagge and is fixed in Wireshark version 4.6.5 or later.

Impact Analysis

This vulnerability can cause Wireshark to crash unexpectedly when processing certain malformed IEEE 802.11 packets.

An attacker could exploit this to disrupt your use of Wireshark by causing denial of service through crashes.

However, there are no known exploits currently available for this issue.

Detection Guidance

The vulnerability in Wireshark versions 4.6.0 to 4.6.4 is triggered by processing malformed IEEE 802.11 packets, which can cause the dissector to crash.

Detection involves identifying if your Wireshark installation is within the affected versions and monitoring for crashes when opening or analyzing IEEE 802.11 packet captures.

There are no specific commands provided to detect the vulnerability directly on your network or system.

However, you can check your Wireshark version by running the command:

  • wireshark --version

To detect potential malformed IEEE 802.11 packets that might trigger the crash, you can analyze capture files for unusual or malformed packets, but no explicit detection commands are provided.

Compliance Impact

The provided information does not specify any direct impact of the CVE-2026-6525 vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-6525. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart