VYPR
Vypr IntelligenceAI-generatedJul 8, 2026· 12 CVEs

Wireshark: Twelve DoS and Info Disclosure Vulnerabilities Disclosed Together

A dozen vulnerabilities, mostly denial-of-service flaws, were disclosed for Wireshark on July 8, 2026, impacting various protocol dissectors and file parsers.

Key findings

  • Twelve Wireshark vulnerabilities disclosed on July 8, 2026, primarily DoS flaws.
  • Flaws affect multiple protocol dissectors and file parsers, including IEEE 802.11, SSH, and pcapng.
  • One information disclosure vulnerability (CVE-2026-15168) also disclosed.
  • Moderate severity DoS bugs range from CVSSv3 5.5 to 6.5.
  • Users urged to update Wireshark to the latest version to patch these issues.

On July 8, 2026, a batch of twelve vulnerabilities was disclosed for the Wireshark network protocol analyzer. The vulnerabilities, disclosed within a one-hour window, primarily consist of denial-of-service (DoS) flaws affecting various protocol dissectors and file parsers, with one instance of information disclosure. These vulnerabilities could allow an attacker to crash Wireshark, potentially disrupting network analysis.

The majority of the disclosed vulnerabilities are denial-of-service flaws, stemming from crashes in specific protocol dissectors or file parsers. These include issues in the BLF file parser (CVE-2026-15168), IEEE 802.11 (CVE-2026-15166), Catapult DCT2000 (CVE-2026-15174), FMP/NOTIFY (CVE-2026-15172), pcapng file parser (CVE-2026-15173), SSH (CVE-2026-15171), UMTS FP (CVE-2026-15169), DBS Etherwatch file parser (CVE-2026-15167), Z39.50 (CVE-2026-15170), TLS ECH decryptor (CVE-2026-15165), and ciscodump (CVE-2026-15164). Additionally, CVE-2026-15163 points to multiple protocol dissectors experiencing infinite loops, also leading to denial of service.

One vulnerability, CVE-2026-15168, is categorized as an information disclosure flaw within the BLF file parser. While most of the denial-of-service vulnerabilities have a moderate severity rating (CVSSv3 ranging from 5.5 to 6.5), the information disclosure vulnerability is rated as low (CVSSv3 2.5). The coordinated disclosure of these twelve CVEs on the same day suggests a focused effort to address these specific issues within Wireshark's parsing and dissection capabilities.

The impact of these vulnerabilities is primarily the potential for Wireshark instances to crash when processing specially crafted network traffic or files. This could be exploited by an attacker to disrupt network monitoring and analysis activities. The specific details regarding exploitation in the wild or named threat actors were not provided in the disclosure information.

Users of Wireshark are advised to update to the latest version to patch these vulnerabilities. As these were disclosed as a batch, it is likely that a single update addresses all of them. Specific version information for the fix was not detailed in the provided CVE descriptions, but typically such disclosures are accompanied by a new stable release from the Wireshark project.

This batch of vulnerabilities underscores the importance of keeping network analysis tools updated, as flaws in dissectors can be triggered by network traffic that analysts might encounter. Users should ensure they are running a version of Wireshark that mitigates these denial-of-service and information disclosure risks to maintain the integrity of their network monitoring.

The vulnerabilities disclosed include:

Users are strongly encouraged to update their Wireshark installations to the latest available version to protect against these issues.

AI-written article. Grounded in 12 CVE records listed below.