Description
FC-SWILS protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
Published: 2026-04-30
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Uncontrolled recursion in Wireshark's FC‑SWILS protocol dissector causes the application to crash when it processes certain packets, leading to a denial of service. This weakness is classified as CWE‑674 and CWE‑1286, both describing uncontrolled recursion that can exhaust system resources. The impact is limited to the Wireshark process; however, repeated crashes can disrupt network monitoring operations and affect the availability of critical network diagnostics.

Affected Systems

Affected versions include Wireshark Foundation Wireshark versions 4.4.0 through 4.4.14 and 4.6.0 through 4.6.4. Administrators should verify that any installations outside these ranges are not impacted.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity. The EPSS score of < 1% suggests a very low probability of exploitation, but the vulnerability can still be triggered by an attacker who can supply crafted FC‑SWILS traffic—most likely over an external network. Since this vulnerability is not listed in the CISA KEV catalog, there are no known active exploits, yet the possibility of local or remote exploitation remains if attackers can feed the vulnerable traffic into Wireshark. The attack vector is therefore inferred to be from malicious traffic that can be delivered to a running Wireshark instance.

Generated by OpenCVE AI on May 4, 2026 at 13:52 UTC.

Remediation

Vendor Solution

Upgrade to version 4.6.5 or above

OpenCVE Recommended Actions

  • Upgrade to Wireshark 4.6.5 or newer
  • Disable the FC‑SWILS dissector when it is not required to prevent processing of malicious packets
  • Implement network filtering or traffic shaping rules to limit FC‑SWILS traffic until a patch is applied

Generated by OpenCVE AI on May 4, 2026 at 13:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6249-1 wireshark security update
History

Mon, 04 May 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1286
References
Metrics threat_severity

None

 threat_severity

Moderate

Fri, 01 May 2026 19:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*

Thu, 30 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 30 Apr 2026 07:45:00 +0000

Type Values Removed Values Added
First Time appeared Wireshark
Wireshark wireshark
Vendors & Products Wireshark
Wireshark wireshark

Thu, 30 Apr 2026 06:30:00 +0000

Type Values Removed Values Added
Description FC-SWILS protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
Title Uncontrolled Recursion in Wireshark
Weaknesses CWE-674
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

Subscriptions

Wireshark Wireshark
cve-icon MITRE

Status: PUBLISHED

Assigner: GitLab

Published:

Updated: 2026-04-30T12:56:20.888Z

Reserved: 2026-04-02T06:33:31.669Z

Link: CVE-2026-5406

cve-icon Vulnrichment

Updated: 2026-04-30T12:56:01.381Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-30T07:16:37.990

Modified: 2026-05-01T19:26:17.060

Link: CVE-2026-5406

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-04-30T05:40:24Z

Links: CVE-2026-5406 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-04T14:00:20Z

Weaknesses