Vulnerability CVE-2026-5405: Information

Description

RDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution

Severity: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
URL: https://nvd.nist.gov/vuln/detail/CVE-2026-5405
Published: May 1, 2026
Modified: May 4, 2026
Error type identifier: CWE-787

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
wiresharksisyphus4.6.5-alt14.6.5-alt1ALT-PU-2026-7053-4416999Fixed
wiresharksisyphus_e2k4.6.5-alt14.6.5-alt1ALT-PU-2026-7283-1-Fixed
wiresharksisyphus_riscv644.6.5-alt14.6.5-alt1ALT-PU-2026-7475-1-Fixed
wiresharksisyphus_loongarch644.6.5-alt14.6.5-alt1ALT-PU-2026-7491-1-Fixed
wiresharkp114.6.5-alt14.6.5-alt1ALT-PU-2026-7055-3417000Fixed
wiresharkc10f24.6.5-alt14.6.5-alt1ALT-PU-2026-7057-4417002Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://gitlab.com/wireshark/wireshark/-/issues/21105
  • Exploit
  • Issue Tracking
  • Third Party Advisory
https://www.wireshark.org/security/wnpa-sec-2026-17.html
  • Vendor Advisory
BDU:2026-06400
      1. cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*
        Start including
        4.4.0
        End excluding
        4.4.15
        cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*
        Start including
        4.6.0
        End excluding
        4.6.5
    VKontakte|Telegram|YouTube|Forum|ALT Linux Space|Bugzilla
    Version: v26.2.2
    Back to top