Wireshark has released emergency security updates 4.6.7 and 4.4.17 to patch twelve critical vulnerabilities that can crash the application or leak sensitive memory. These flaws are primarily triggered by maliciously crafted packet capture files and affect core protocol dissectors across both maintenance branches. The most severe issue involves uninitialized memory reads in the BLF file parser, which could expose private system data to attackers. Network analysts and IT professionals are strongly urged to upgrade immediately to protect their infrastructure from file-based exploits.
Wireshark Issues Emergency Security Patch for 4.6 and 4.4 Branches
Twelve critical vulnerabilities fixed in 4.6.7 and 4.4.17 releases, including a dangerous memory leak and a handful of crash bugs that can be triggered just by opening a file.
Wireshark has released emergency security updates 4.6.7 and 4.4.17 today, July 8, 2026, patching twelve separate vulnerabilities that could crash the application or leak sensitive memory. If you are running any version between 4.4.0/4.6.0 and the latest releases, you need to upgrade immediately.
The bulk of these fixes target the same underlying issues across both maintenance branches. Eleven of the twelve reported CVEs affect the 4.4 and 4.6 lines equally. The remaining vulnerabilities are isolated to the newer 4.6.x series, specifically tying into TLS ECH decryption and the pcapng file parser. Together, they form the most significant security batch Wireshark has shipped this year.
What Actually Breaks When You Open a File
You do not need a live network connection to trigger these flaws. Most reported issues stem from poorly crafted packet capture files or malformed protocol data. Open a malicious trace and the dissector for Wi-Fi, SSH, or the BLF format can blow up. Nine of the twelve vulnerabilities are classified as crashes or denial-of-service conditions. An attacker could easily make Wireshark hang by feeding it a bad file or redirecting traffic to a hostile device.
The real headache here is CVE-2026-15168. Keep in mind that the BLF file parser reads uninitialized memory and spills whatever happens to be sitting in that RAM slot. It is a straightforward information disclosure vector, but one that security teams will definitely want to patch right away. The infinite loop bugs affecting MIH, MPEG DSM-CC, and eDonkey dissectors are similarly annoying, chewing through CPU cycles until the system chokes.
A handful of researchers and automated jobs spotted these problems. Claude, Ada Logics, and several independent security engineers contributed to the reports. Internal fuzzing caught the loop issues before they could slip out the door. Wiresharkâs team has tied each finding to a specific GitLab issue, ranging from the SSH dissector to the UMTS Frame Protocol. It is a clean, well-documented patch from start to finish.
Beyond the Security Fixes
Wireshark 4.6.7 and 4.4.17 also bring standard maintenance updates. The Windows installers now ship with Visual Studio 2026 for both branches. The 4.4 line upgrades Qt to version 6.7.3. You will also notice the extcap binaries shifting to the libexec directory on UNIX systems by default. Several protocol dissectors got updated, including DCERPC and various telecom testing formats exclusive to the 4.6 branch.
This patch follows a clear pattern of increasingly aggressive emergency releases. Just weeks ago, Wireshark shipped 4.6.5 and 4.4.15 to address another wave of fuzzing findings. Network analysis tools have always treated external files as inherently untrusted. That paranoid stance pays off here, though it does make handling third-party traces a bit of a chore. It is a rather aggressive patch cycle for a maintenance release, but the number of crash bugs justifies the urgency. Keeping your capture tool patched is no longer optional.
Head to the official Wireshark download page to grab 4.6.7 or 4.4.17 as soon as you can. The release notes include full CVE mappings and the exact GitLab issue trackers for anyone who wants to dig into the code changes. If you are still running an unpatched version, consider this your reminder that a malformed pcap file is all it takes to trip a wire.
