CVE-2026-5657
Published: 30 April 2026
Summary
CVE-2026-5657 is a medium-severity Double Free (CWE-415) vulnerability in Wireshark. Its CVSS base score is 5.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002). The CVE ranks at the 5.8th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Requires timely identification, reporting, and patching of the double free flaw in Wireshark's iLBC codec, directly preventing DoS crashes from malicious packet capture files.
Vulnerability scanning detects deployments of affected Wireshark versions (4.4.0-4.4.14, 4.6.0-4.6.4) vulnerable to this iLBC double free.
Memory protection mechanisms like ASLR and heap hardening mitigate double free vulnerabilities such as the iLBC codec crash in Wireshark.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is triggered when a user opens a malicious packet capture file containing crafted iLBC data, directly mapping to T1204.002. Exploitation results in a denial-of-service crash, aligning with T1499.004 as the vulnerability enables application DoS via exploitation.
NVD Description
iLBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
Deeper analysis
CVE-2026-5657 is a vulnerability in the iLBC codec implementation within Wireshark versions 4.6.0 through 4.6.4 and 4.4.0 through 4.4.14. The flaw, classified under CWE-415 (Double Free), triggers a crash that results in a denial-of-service condition. It carries a CVSS v3.1 base score of 5.5 (AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) and was published on 2026-04-30.
An attacker with local access can exploit this vulnerability with low complexity and no required privileges, though it demands user interaction, such as convincing a user to open a malicious packet capture file containing crafted iLBC codec data. Successful exploitation crashes the Wireshark application, causing a high-impact denial of service on availability without compromising confidentiality or integrity.
Wireshark's security advisory WNPA-SEC-2026-20 documents the issue, with related discussions and fixes tracked in GitLab issues #21113 and work item 21113. Mitigation involves updating to patched versions of Wireshark outside the affected ranges.
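The version check behind the scanning and patching controls above can be sketched as follows. This is an added example, not code from Wireshark or from this page's source; the host names, version strings and function names are constructed for illustration, and only the two affected ranges come from the page.

```python
import re

# Affected upstream ranges as stated on this page (inclusive bounds).
AFFECTED = [((4, 4, 0), (4, 4, 14)), ((4, 6, 0), (4, 6, 4))]

# First major.minor.patch triple that is not part of a longer dotted number.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?!\d)")

def parse_version(text):
    """Return (major, minor, patch) from a banner or package version, else None."""
    text = re.sub(r"^\d+:", "", text.strip())  # drop a Debian-style epoch such as "1:"
    m = _VERSION_RE.search(text)
    return tuple(int(g) for g in m.groups()) if m else None

def classify(text):
    """Classify a reported version against the ranges listed for CVE-2026-5657."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # nothing parseable: needs a manual look
    if any(low <= version <= high for low, high in AFFECTED):
        return "affected"
    return "outside_listed_ranges"

def findings(inventory):
    """Return (host, reported, status) for every host that needs follow-up."""
    rows = [(host, reported, classify(reported)) for host, reported in inventory]
    return [r for r in rows if r[2] != "outside_listed_ranges"]

# Constructed inventory: (hypothetical host, version string as a scanner might report it).
INVENTORY = [
    ("analyst-ws-01", "Wireshark 4.6.2 (Git v4.6.2)"),
    ("analyst-ws-02", "4.4.14-1ubuntu1"),
    ("soc-jump-01", "1:4.4.15-1"),
    ("lab-vm-07", "4.6.5"),
    ("legacy-01", "4.2.11"),
    ("sensor-03", "not installed"),
]

if __name__ == "__main__":
    for host, reported, status in findings(INVENTORY):
        print(f"{host:15} {status:10} {reported}")
```

The check compares upstream version numbers only; a distribution package that backports the fix without changing the upstream version would still be flagged and should be confirmed against the vendor's changelog.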
Details
- CWE(s)