Home / Vulnerability Intelligence / CVE-2026-6520

CVE-2026-6520 - Vulnerability Analysis

MediumCVSS: 5.5

Last Updated: May 1, 2026

Wireshark - Denial of Service

Published: April 30, 2026Updated: May 1, 2026PoC Available

Overview

Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 contain an infinite loop vulnerability in the OpenFlow v6 protocol dissector, letting remote attackers cause denial of service, exploit requires crafted packets.

Severity & Score

Severity: Medium

CVSS Score: 5.5

Impact

Attackers can cause denial of service by triggering an infinite loop in the protocol dissector.

Mitigation

Update to the latest version beyond 4.6.4 or 4.4.14.

References

https://www.wireshark.org/security/wnpa-sec-2026-40.html
https://gitlab.com/wireshark/wireshark/-/work_items/21181

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-6520
Severity: Medium
CVSS Score: 5.5
Type: denial_of_service
Status: confirmed

CWE

CWE-835

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H