Cyber Posture

CVE-2026-5655

MediumPublic PoC

Published: 30 April 2026

Published
30 April 2026
Modified
01 May 2026
KEV Added
Patch
CVSS Score 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score 0.0002 5.8th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-5655 is a medium-severity Use After Free (CWE-416) vulnerability in Wireshark Wireshark. Its CVSS base score is 5.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002); ranked at the 5.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Malicious File (T1204.002) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Requires identification, prioritization, and timely remediation of flaws such as the Use After Free vulnerability in Wireshark's SDP dissector to eliminate the DoS crash condition.

RA-5 Vulnerability Monitoring and Scanning good match
detect

Mandates vulnerability scanning to identify systems running affected Wireshark versions 4.6.0 through 4.6.4 vulnerable to CVE-2026-5655.

SI-5 Security Alerts, Advisories, and Directives partial match
detect

Ensures monitoring and dissemination of security advisories like Wireshark's WNPA-SEC-2026-19 to enable proactive flaw remediation for this SDP dissector issue.

MITRE ATT&CK Enterprise TechniquesAI

T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
attack.mitre.org →
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
attack.mitre.org →
Why these techniques?

Vulnerability triggers DoS crash via malicious PCAP file opened by user (T1204.002); directly enables endpoint DoS through client application exploitation (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

SDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 allows denial of service

Deeper analysisAI

CVE-2026-5655 is a vulnerability in the SDP protocol dissector within Wireshark versions 4.6.0 through 4.6.4 that triggers a crash, resulting in a denial-of-service condition. This issue stems from CWE-416 (Use After Free) and carries a CVSS v3.1 base score of 5.5 (AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H), indicating medium severity with high availability impact.

An attacker with local access can exploit this vulnerability with low complexity and no required privileges, but it necessitates user interaction, such as convincing a user to open a malicious packet capture file in Wireshark. Successful exploitation causes the application to crash, disrupting availability without affecting confidentiality or integrity.

Wireshark's security advisory WNPA-SEC-2026-19 provides details on the issue, available at https://www.wireshark.org/security/wnpa-sec-2026-19.html. Additional information is documented in related GitLab entries at https://gitlab.com/wireshark/wireshark/-/issues/21112 and https://gitlab.com/wireshark/wireshark/-/work_items/21112.

Details

CWE(s)
CWE-416

Affected Products

wireshark
wireshark
4.6.0 — 4.6.4

CVEs Like This One

CVE-2026-3203Same product: Wireshark Wireshark
CVE-2025-1492Same product: Wireshark Wireshark
CVE-2026-7375Same product: Wireshark Wireshark
CVE-2026-5653Same product: Wireshark Wireshark
CVE-2026-5657Same product: Wireshark Wireshark
CVE-2026-6519Same product: Wireshark Wireshark
CVE-2026-5654Same product: Wireshark Wireshark
CVE-2026-6520Same product: Wireshark Wireshark
CVE-2026-3201Same product: Wireshark Wireshark
CVE-2026-6868Same product: Wireshark Wireshark

References