CVE-2026-5407: Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark
Published Apr 30, 2026
·Updated
SMB2 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
Affected Software
3 affected components
Wireshark Wireshark>=4.6.0<=4.6.4, >=4.4.0<=4.4.14
Wireshark Wireshark>=4.4.0<=4.4.14
Wireshark Wireshark>=4.6.0<=4.6.4
Remediation
Information
Upgrade to version 4.6.5 or above
Event History
Apr 30, 2026
CVE Published
via MITRE·05:39 AM
Data Sourced
via MITRE·05:39 AM
RemedyDescriptionSeverityWeakness
Data Sourced
via NVD·07:16 AM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2026-5407?
CVE-2026-5407 has a severity rating of high due to its potential to cause denial of service.
2
How do I fix CVE-2026-5407?
To fix CVE-2026-5407, update Wireshark to version 4.6.5 or later, or 4.4.15 or later.
3
What software versions are affected by CVE-2026-5407?
CVE-2026-5407 affects Wireshark versions 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14.
4
What kind of vulnerability is CVE-2026-5407?
CVE-2026-5407 is categorized as a loop with unreachable exit condition, leading to an infinite loop in the SMB2 protocol dissector.
5
Can CVE-2026-5407 be exploited remotely?
Yes, CVE-2026-5407 can potentially be exploited remotely, leading to a denial of service.