CVE-2026-6868
Published: 30 April 2026
Summary
CVE-2026-6868 is a medium-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Wireshark. Its CVSS base score is 5.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002). The CVE ranks at the 5.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Mandates identification, reporting, and timely remediation of software flaws like the stack-based buffer overflow in Wireshark's HTTP dissector to prevent DoS crashes.
Requires vulnerability scanning and monitoring to identify CVE-2026-6868 in deployed Wireshark instances across affected versions.
Ensures organizations receive and implement security advisories such as Wireshark's wnpa-sec-2026-46 for this HTTP dissector vulnerability.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is triggered when a user opens a malicious packet capture file (T1204.002); the stack buffer overflow then crashes the application, producing a denial of service via exploitation (T1499.004).
NVD Description
HTTP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
Deeper analysis
CVE-2026-6868 is a vulnerability in the HTTP protocol dissector within Wireshark versions 4.6.0 through 4.6.4 and 4.4.0 through 4.4.14 that causes a crash, enabling denial of service. Published on 2026-04-30, it stems from CWE-121 (stack-based buffer overflow) and carries a CVSS v3.1 base score of 5.5 (AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H), indicating moderate severity primarily due to high availability impact with no confidentiality or integrity effects.
Exploitation requires local access to the victim's system with low complexity but necessitates user interaction, such as opening a malicious packet capture file in Wireshark. No privileges are required (PR:N), allowing an unprivileged local attacker to trigger the crash and disrupt Wireshark's operation, potentially halting analysis workflows.
Mitigation details are available in the Wireshark security advisory at https://www.wireshark.org/security/wnpa-sec-2026-46.html and the related GitLab issue at https://gitlab.com/wireshark/wireshark/-/work_items/21185, which likely include patches or workarounds for affected versions.
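For the RA-5 scanning step, the affected ranges above can be checked against the version banners collected from analyst workstations and sensors. The following is an added example, not code from Wireshark or from this page's source; the host names and banner lines are constructed, and the banner pattern assumes the usual first line of `wireshark --version` or `tshark --version`.

```python
import re

# Affected upstream ranges as stated on this page (inclusive bounds).
AFFECTED = [((4, 6, 0), (4, 6, 4)), ((4, 4, 0), (4, 4, 14))]

# Assumed banner shape: "Wireshark X.Y.Z (...)" or "TShark (Wireshark) X.Y.Z (...)".
BANNER = re.compile(r"^(?:TShark \(Wireshark\)|Wireshark) (\d+)\.(\d+)\.(\d+)")

def parse_version(banner):
    """Return (major, minor, patch) from a version banner, or None."""
    m = BANNER.match(banner.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def classify(banner):
    """Return 'affected', 'not-listed' or 'unknown' for one banner."""
    version = parse_version(banner)
    if version is None:
        return "unknown"  # needs manual review; never assume it is safe
    for low, high in AFFECTED:
        if low <= version <= high:
            return "affected"
    return "not-listed"  # outside the ranges this page names

def triage(inventory):
    """Group host names by classification, sorted for stable reports."""
    result = {"affected": [], "not-listed": [], "unknown": []}
    for host, banner in sorted(inventory.items()):
        result[classify(banner)].append(host)
    return result

# Constructed inventory: host names and banners are sample data.
SAMPLE = {
    "analyst-01": "Wireshark 4.6.3 (v4.6.3-0-g0123456789ab).",
    "analyst-02": "TShark (Wireshark) 4.4.14 (Git v4.4.14 packaged as 4.4.14-1).",
    "sensor-01": "TShark (Wireshark) 4.2.9 (v4.2.9-0-g0123456789ab).",
    "sensor-02": "TShark (Wireshark) 4.4.15 (v4.4.15-0-g0123456789ab).",
    "jump-01": "tshark: command not found",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

A distribution package can carry a backported fix under an affected upstream version number, so confirm each "affected" result against the package changelog before scheduling remediation.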
Details
- CWE(s)