CVE-2026-5404: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in Wireshark
Published Apr 30, 2026
K12 RF5 file parser crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
Affected Software
3 affected components
Wireshark Wireshark >=4.6.0 <=4.6.4, >=4.4.0 <=4.4.14
Wireshark Wireshark >=4.4.0 <4.4.15
Wireshark Wireshark >=4.6.0 <4.6.5
Remediation
Upgrade to version 4.6.5 or above
Event History
Apr 30, 2026
CVE Published
via MITRE · 11:04 PM
Data Sourced
via MITRE · 11:04 PM
Remedy, Description, Severity, Weakness
May 1, 2026
Data Sourced
via NVD · 12:16 AM
Description, Severity, Weakness, Affected Software
Frequently Asked Questions
1. What is the severity of CVE-2026-5404?
CVE-2026-5404 has a severity rating that indicates it may lead to a denial of service due to a buffer overflow.
2. How do I fix CVE-2026-5404?
To fix CVE-2026-5404, update Wireshark to 4.6.5 or later; on the 4.4 branch, update to a version newer than 4.4.14.
3. What versions of Wireshark are affected by CVE-2026-5404?
CVE-2026-5404 affects Wireshark versions 4.6.0 to 4.6.4 and versions 4.4.0 to 4.4.14.
4. What type of vulnerability is CVE-2026-5404?
CVE-2026-5404 is a buffer overflow vulnerability that allows for denial of service.
5. What impact does CVE-2026-5404 have on system security?
CVE-2026-5404 can cause a crash of Wireshark, leading to disruption of network analysis activities.