CVE-2026-6525 - Vulnerability Details - OpenCVE

IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.4

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Wireshark	Wireshark

No data.

No data.

References

Link	Providers
https://gitlab.com/wireshark/wireshark/-/work_items/21008
https://nvd.nist.gov/vuln/detail/CVE-2026-6525
https://www.cve.org/CVERecord?id=CVE-2026-6525
https://www.wireshark.org/security/wnpa-sec-2026-36.html

History

Tue, 05 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2026-6525 https://www.cve.org/CVERecord?id=CVE-2026-6525
Metrics	threat_severity `None`	threat_severity `Moderate`

Mon, 04 May 2026 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Sat, 02 May 2026 13:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Wireshark Wireshark wireshark
Vendors & Products		Wireshark Wireshark wireshark

Sat, 02 May 2026 12:00:00 +0000

Type	Values Removed	Values Added
Description		IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.4
Title		NULL Pointer Dereference in Wireshark
Weaknesses		CWE-476
References		https://gitlab.com/wireshark/wireshark/-/work_items/21008 https://www.wireshark.org/security/wnpa-sec-2026-36.html
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: GitLab

Published: 2026-05-02T11:33:33.147Z

Updated: 2026-05-04T14:59:08.976Z

Reserved: 2026-04-17T15:05:37.692Z

Link: CVE-2026-6525

Vulnrichment

Updated: 2026-05-04T14:59:03.476Z

NVD

Status : Awaiting Analysis

Published: 2026-05-02T12:16:16.887

Modified: 2026-05-04T16:16:02.780

Link: CVE-2026-6525

Redhat

Severity : Moderate

Publid Date: 2026-05-02T11:33:33Z

Links: CVE-2026-6525 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6525", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2026-04-17T15:05:37.692Z", "datePublished": "2026-05-02T11:33:33.147Z", "dateUpdated": "2026-05-04T14:59:08.976Z"}, "containers": {"cna": {"title": "NULL Pointer Dereference in Wireshark", "descriptions": [{"lang": "en", "value": "IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.4"}], "affected": [{"vendor": "Wireshark Foundation", "product": "Wireshark", "versions": [{"version": "4.6.0", "status": "affected", "lessThan": "4.6.5", "versionType": "semver"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-476: NULL Pointer Dereference", "cweId": "CWE-476", "type": "CWE"}]}], "references": [{"url": "https://www.wireshark.org/security/wnpa-sec-2026-36.html"}, {"url": "https://gitlab.com/wireshark/wireshark/-/work_items/21008"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM"}}], "solutions": [{"lang": "en", "value": "Upgrade to version 4.6.5 or above"}], "credits": [{"lang": "en", "value": "Nils Bagge", "type": "finder"}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2026-05-02T11:33:33.147Z"}}, "adp": [{"references": [{"url": "https://gitlab.com/wireshark/wireshark/-/work_items/21008", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-04T14:58:39.606065Z", "id": "CVE-2026-6525", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-04T14:59:08.976Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-6525", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-05-04T14:58:39.606065Z"}}}], "references": [{"url": "https://gitlab.com/wireshark/wireshark/-/work_items/21008", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-04T14:59:03.476Z"}}], "cna": {"title": "NULL Pointer Dereference in Wireshark", "credits": [{"lang": "en", "type": "finder", "value": "Nils Bagge"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Wireshark Foundation", "product": "Wireshark", "versions": [{"status": "affected", "version": "4.6.0", "lessThan": "4.6.5", "versionType": "semver"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to version 4.6.5 or above"}], "references": [{"url": "https://www.wireshark.org/security/wnpa-sec-2026-36.html"}, {"url": "https://gitlab.com/wireshark/wireshark/-/work_items/21008"}], "descriptions": [{"lang": "en", "value": "IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.4"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2026-05-02T11:33:33.147Z"}}}, "cveMetadata": {"cveId": "CVE-2026-6525", "state": "PUBLISHED", "dateUpdated": "2026-05-04T14:59:08.976Z", "dateReserved": "2026-04-17T15:05:37.692Z", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "datePublished": "2026-05-02T11:33:33.147Z", "assignerShortName": "GitLab"}, "dataVersion": "5.2"}

{"bugzilla": {"description": "wireshark: NULL Pointer Dereference in Wireshark", "id": "2464650", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464650"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.4", "A flaw was found in the IEEE 802.11 dissector in Wireshark. This issue occurs when malformed packets are decoded from a pcap file or the network, causing a NULL pointer dereference, resulting in a denial of service."], "mitigation": {"lang": "en:us", "value": "If the IEEE 802.11 protocol dissector is not being used, it can be disabled via the \"Enabled Protocols\" dialog box in the Wireshark GUI application. This will also disable the protocol dissector when using \"tshark\", the command line tool.\nSee the links below for instructions to disable a protocol in Wireshark, specifically the \"Control Protocol Dissection\" section and the \"disabled_protos\" configuration file option.\nhttps://www.wireshark.org/docs/wsug_html_chunked/ChCustProtocolDissectionSection.html\nhttps://www.wireshark.org/docs/wsug_html_chunked/ChAppFilesConfigurationSection.html"}, "name": "CVE-2026-6525", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-05-02T11:33:33Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-6525\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-6525\nhttps://gitlab.com/wireshark/wireshark/-/work_items/21008\nhttps://www.wireshark.org/security/wnpa-sec-2026-36.html"], "statement": "This issue will cause a crash in Wireshark with no other security impact. Also, this flaw can only be exploited when a malformed pcap file is processed. Due to these reasons, this vulnerability has been rated with a moderate severity.", "threat_severity": "Moderate"}