CVE-2026-5405: Heap-based Buffer Overflow in Wireshark
Published Apr 30, 2026
·Updated
RDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution
Affected Software
3 affected components
Wireshark Wireshark>=4.6.0<=4.6.4, >=4.4.0<=4.4.14
Wireshark Wireshark>=4.4.0<4.4.15
Wireshark Wireshark>=4.6.0<4.6.5
Remediation
Information
Upgrade to version 4.6.5 or above
Event History
Apr 30, 2026
CVE Published
via MITRE·11:03 PM
Data Sourced
via MITRE·11:03 PM
RemedyDescriptionSeverityWeakness
May 1, 2026
Data Sourced
via NVD·12:16 AM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2026-5405?
CVE-2026-5405 has a high severity rating as it can lead to denial of service and potential code execution.
2
How do I fix CVE-2026-5405?
To fix CVE-2026-5405, you should upgrade Wireshark to version 4.6.5 or later.
3
Which versions of Wireshark are affected by CVE-2026-5405?
CVE-2026-5405 affects Wireshark versions 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14.
4
What type of vulnerability is CVE-2026-5405?
CVE-2026-5405 is a heap-based buffer overflow vulnerability in the RDP protocol dissector.
5
What are the potential impacts of CVE-2026-5405?
The potential impacts of CVE-2026-5405 include a crash of Wireshark and possible arbitrary code execution.