CVE-2026-15168
Received Received - Intake

BLF File Parser Information Disclosure in Wireshark

Vulnerability report for CVE-2026-15168, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-08

Last updated on: 2026-07-08

Assigner: GitLab Inc.

Description

BLF file parser in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows possible information disclosure

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-08
Last Modified
2026-07-08
Generated
2026-07-09
AI Q&A
2026-07-09
EPSS Evaluated
N/A
NVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
wireshark wireshark to 4.6.6 (inc)
wireshark wireshark to 4.4.16 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-457 The code uses a variable that has not been initialized, leading to unpredictable or unintended results.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the BLF file parser component of Wireshark versions 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16. It allows for possible information disclosure, meaning that an attacker could potentially access information that should be protected.

Impact Analysis

The impact of this vulnerability is limited to information disclosure. An attacker might be able to obtain sensitive information from the affected Wireshark versions. The CVSS score of 2.5 indicates a low severity, requiring local access with high attack complexity and user interaction.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-15168. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart