CVE-2026-5401

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-5401
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-5401.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-5401
Downstream
Published
2026-04-30T05:39:09.207Z
Modified
2026-05-01T04:33:04.193007Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Uncontrolled Recursion in Wireshark
Details

AFP Spotlight protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

Database specific 
{
    "cwe_ids": [
        "CWE-674"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/5xxx/CVE-2026-5401.json",
    "cna_assigner": "GitLab"
}
References

Affected packages

Git / gitlab.com/wireshark/wireshark

Affected ranges

Type
GIT
Repo
https://gitlab.com/wireshark/wireshark
Events
Introduced
cdfb6721e77c19d43f4787f66e9d5f2525281a22
Fixed
b40c46f8386770910317bea2e9187b835502d1b4
Introduced
009a163470b581c7d3ee66d89c819cef1f9e50fe
Fixed
8b505c070d65e18c1f33823c4f3fe78af6034b6d
Database specific 
{
    "extracted_events": [
        {
            "introduced": "4.6.0"
        },
        {
            "fixed": "4.6.5"
        },
        {
            "introduced": "4.4.0"
        },
        {
            "fixed": "4.4.15"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

v4.*
v4.4.0
v4.4.1
v4.4.10
v4.4.10rc0
v4.4.11
v4.4.11rc0
v4.4.12
v4.4.12rc0
v4.4.13
v4.4.13rc0
v4.4.14
v4.4.14rc0
v4.4.15rc0
v4.4.1rc0
v4.4.2
v4.4.2rc0
v4.4.3
v4.4.3rc0
v4.4.4
v4.4.4rc0
v4.4.5
v4.4.5rc0
v4.4.6
v4.4.6rc0
v4.4.7
v4.4.7rc0
v4.4.8
v4.4.8rc0
v4.4.9
v4.4.9rc0
v4.6.0
v4.6.1
v4.6.1rc0
v4.6.2
v4.6.2rc0
v4.6.3
v4.6.3rc0
v4.6.4
v4.6.4rc0
v4.6.5rc0
wireshark-4.*
wireshark-4.4.0
wireshark-4.4.1
wireshark-4.4.2
wireshark-4.4.3
wireshark-4.4.4
wireshark-4.4.5
wireshark-4.4.6
wireshark-4.4.7
wireshark-4.4.8
wireshark-4.4.9

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-5401.json"