CVE-2026-5403: Heap-based Buffer Overflow in Wireshark
Published Apr 30, 2026
·Updated
SBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution
Affected Software
3 affected components
Wireshark Wireshark>=4.6.0<=4.6.4, >=4.4.0<=4.4.14
Wireshark Wireshark>=4.4.0<4.4.15
Wireshark Wireshark>=4.6.0<4.6.5
Remediation
Information
Upgrade to version 4.6.5 or above
Event History
Apr 30, 2026
CVE Published
via MITRE·11:04 PM
Data Sourced
via MITRE·11:04 PM
RemedyDescriptionSeverityWeakness
May 1, 2026
Data Sourced
via NVD·12:16 AM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2026-5403?
CVE-2026-5403 has a high severity rating due to its potential for denial of service and possible code execution.
2
How do I fix CVE-2026-5403?
To fix CVE-2026-5403, upgrade Wireshark to version 4.6.5 or later, or 4.4.15 or later.
3
What versions of Wireshark are affected by CVE-2026-5403?
CVE-2026-5403 affects Wireshark versions 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14.
4
What impact does CVE-2026-5403 have on Wireshark users?
CVE-2026-5403 can cause a crash and may allow attackers to execute arbitrary code remotely, compromising system security.
5
Is there a workaround for CVE-2026-5403 until I can update Wireshark?
There are no known workarounds for CVE-2026-5403; updating to a fixed version is the recommended action.