The Wireshark Foundation released Wireshark version 4.6.3 on January 14, 2026, addressing four critical security vulnerabilities and multiple stability issues affecting the popular network protocol analysis tool.
The maintenance update targets crashes and infinite loop conditions that could impact analysis workflows and system stability.
Security Vulnerabilities Resolved
The release patches four distinct security flaws identified between versions 4.6.0 and 4.6.2, as well as the 4.4.x branch spanning versions 4.4.0 through 4.4.12.
The BLF file parser vulnerability (wnpa-sec-2026-01) could trigger crashes when processing malformed packet trace files.
Security researcher OSS-Fuzz discovered the IEEE 802.11 dissector crash (wnpa-sec-2026-02), which presents exploitation risks through both malicious packet injection and crafted trace files.
Researcher Fatih Çelik identified a crash condition in the SOME/IP-SD dissector (wnpa-sec-2026-03), which affects the protocol used in automotive Ethernet communications.
The HTTP3 dissector vulnerability (wnpa-sec-2026-04), discovered by Tom Needham, creates an infinite loop during traffic decryption operations that exhausts CPU resources.
Vulnerability Impact Assessment
| Security Advisory | Vulnerability Type | Attack Vector | Affected Versions |
| wnpa-sec-2026-01 | BLF parser crash | Malformed trace files | 4.6.0-4.6.2, 4.4.0-4.4.12 |
| wnpa-sec-2026-02 | IEEE 802.11 crash | Packet injection/trace files | 4.6.0-4.6.2, 4.4.0-4.4.12 |
| wnpa-sec-2026-03 | SOME/IP-SD crash | Packet injection/trace files | 4.6.0-4.6.2, 4.4.0-4.4.12 |
| wnpa-sec-2026-04 | HTTP3 infinite loop | Malformed trace files | 4.6.0-4.6.2, 4.4.0-4.4.12 |
Beyond security patches, version 4.6.3 resolves nine functional bugs impacting platform compatibility and protocol dissection accuracy.
The update fixes Solaris build failures, RTP Player stream control issues, and ABI/API compatibility problems.
Protocol-specific corrections address IEEE 802.11 QoS field parsing errors when frames contain Aggregated MAC Service Data Units, 5G NAS message decoding for Extended CAG information lists, and maxmind_db crashes during profile switching.
Organizations using Wireshark for network troubleshooting, security analysis, or protocol development should prioritize upgrading to version 4.6.3 or the parallel 4.4.13 release.
The Wireshark Foundation emphasizes that no active exploits exist for these vulnerabilities, though the combination of crash conditions and resource exhaustion vectors presents denial-of-service risks in production environments.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.