{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5409", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2026-04-02T07:03:43.324Z", "datePublished": "2026-04-30T05:41:19.212Z", "dateUpdated": "2026-04-30T12:58:18.159Z"}, "containers": {"cna": {"title": "Uncontrolled Recursion in Wireshark", "descriptions": [{"lang": "en", "value": "Monero protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service"}], "affected": [{"vendor": "Wireshark Foundation", "product": "Wireshark", "versions": [{"version": "4.6.0", "status": "affected", "lessThan": "4.6.5", "versionType": "semver"}, {"version": "4.4.0", "status": "affected", "lessThan": "4.4.15", "versionType": "semver"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-674: Uncontrolled Recursion", "cweId": "CWE-674", "type": "CWE"}]}], "references": [{"url": "https://www.wireshark.org/security/wnpa-sec-2026-08.html"}, {"url": "https://gitlab.com/wireshark/wireshark/-/issues/21066", "name": "GitLab Issue #21066", "tags": ["issue-tracking", "permissions-required"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM"}}], "solutions": [{"lang": "en", "value": "Upgrade to version 4.6.5 or above"}], "credits": [{"lang": "en", "value": "Brendan Coles", "type": "finder"}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2026-04-30T05:41:19.212Z"}}, "adp": [{"references": [{"url": "https://gitlab.com/wireshark/wireshark/-/work_items/21066", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-30T12:57:30.358494Z", "id": "CVE-2026-5409", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-30T12:58:18.159Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-5409", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-30T12:57:30.358494Z"}}}], "references": [{"url": "https://gitlab.com/wireshark/wireshark/-/work_items/21066", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-30T12:57:43.554Z"}}], "cna": {"title": "Uncontrolled Recursion in Wireshark", "credits": [{"lang": "en", "type": "finder", "value": "Brendan Coles"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Wireshark Foundation", "product": "Wireshark", "versions": [{"status": "affected", "version": "4.6.0", "lessThan": "4.6.5", "versionType": "semver"}, {"status": "affected", "version": "4.4.0", "lessThan": "4.4.15", "versionType": "semver"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to version 4.6.5 or above"}], "references": [{"url": "https://www.wireshark.org/security/wnpa-sec-2026-08.html"}, {"url": "https://gitlab.com/wireshark/wireshark/-/issues/21066", "name": "GitLab Issue #21066", "tags": ["issue-tracking", "permissions-required"]}], "descriptions": [{"lang": "en", "value": "Monero protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-674", "description": "CWE-674: Uncontrolled Recursion"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2026-04-30T05:41:19.212Z"}}}, "cveMetadata": {"cveId": "CVE-2026-5409", "state": "PUBLISHED", "dateUpdated": "2026-04-30T12:58:18.159Z", "dateReserved": "2026-04-02T07:03:43.324Z", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "datePublished": "2026-04-30T05:41:19.212Z", "assignerShortName": "GitLab"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*", "matchCriteriaId": "77CF79F1-B53C-40A7-9570-A192D5A85ED6", "versionEndIncluding": "4.4.14", "versionStartIncluding": "4.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*", "matchCriteriaId": "B52139AE-161F-406A-B28D-F874CE8B68B6", "versionEndIncluding": "4.6.4", "versionStartIncluding": "4.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Monero protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service"}], "id": "CVE-2026-5409", "lastModified": "2026-05-01T19:27:46.780", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "[email protected]", "type": "Secondary"}]}, "published": "2026-04-30T07:16:38.383", "references": [{"source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://gitlab.com/wireshark/wireshark/-/issues/21066"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://www.wireshark.org/security/wnpa-sec-2026-08.html"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://gitlab.com/wireshark/wireshark/-/work_items/21066"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-674"}], "source": "[email protected]", "type": "Secondary"}]}

{"bugzilla": {"description": "wireshark: Wireshark: Denial of service via Monero protocol dissector crash", "id": "2464021", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464021"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-825", "details": ["A flaw was found in Wireshark. A remote attacker could exploit a vulnerability in the Monero protocol dissector, leading to a crash of the application. This could result in a denial of service (DoS) for users analyzing network traffic."], "mitigation": {"lang": "en:us", "value": "To mitigate this issue, users can disable the Monero protocol dissector in Wireshark. This prevents the vulnerable code from being executed when analyzing network traffic containing Monero protocol data.\nTo disable the dissector:\n1. Open Wireshark.\n2. Go to `Analyze` -> `Enabled Protocols...`.\n3. In the `Enabled Protocols` dialog, uncheck the box next to `Monero`.\n4. Click `OK`.\nAlternatively, users can avoid opening untrusted network trace files. Disabling the dissector may affect the ability to analyze legitimate Monero protocol traffic."}, "name": "CVE-2026-5409", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-30T05:41:19Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-5409\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-5409\nhttps://gitlab.com/wireshark/wireshark/-/issues/21066\nhttps://www.wireshark.org/security/wnpa-sec-2026-08.html"], "threat_severity": "Moderate"}