Description
MBIM protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
Published: 2026-04-30
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An infinite loop in the MBIM protocol dissector causes Wireshark to consume resources until it becomes unresponsive, leading to a denial of service. The flaw is caused by an unreachable exit condition in the loop logic. The vulnerability is catalogued as CWE-835 and can cause a loss of availability for any user running Wireshark with the affected MBIM dissector enabled.

Affected Systems

The bug applies to Wireshark versions 4.6.0 through 4.6.4 and 4.4.0 through 4.4.14. Users of the Wireshark Foundation’s Wireshark product within these release ranges are at risk unless mitigated. No other vendors or product lines are listed as affected.

Risk and Exploitability

With a CVSS score of 5.5, the flaw represents a moderate severity risk. The EPSS score is not available, so the current likelihood of exploitation in the wild is unknown. The vulnerability is not listed in the CISA KEV catalog. Because the impact only arises when Wireshark parses network traffic containing the MBIM protocol, the likely attack vector is local: an attacker could supply a crafted MBIM capture, or induce Wireshark to process one, causing the loop to trigger. No conditions for remote exploitation or privilege escalation are described, so the scope is limited to the user’s environment.

Generated by OpenCVE AI on April 30, 2026 at 13:52 UTC.

Remediation

Vendor Solution

Upgrade to version 4.6.5 or above


OpenCVE Recommended Actions

  • Upgrade to Wireshark 4.6.5 or later
  • Disable the MBIM protocol dissector if it is not needed for analysis
  • Monitor system CPU and memory usage when processing captures to detect excessive resource consumption

Advisories

No advisories yet.

History

Fri, 01 May 2026 16:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*

Thu, 30 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 30 Apr 2026 08:15:00 +0000

Type Values Removed Values Added
First Time appeared Wireshark
Wireshark wireshark
Vendors & Products Wireshark
Wireshark wireshark

Thu, 30 Apr 2026 06:30:00 +0000

Type Values Removed Values Added
Description MBIM protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
Title Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark
Weaknesses CWE-835
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitLab

Published:

Updated: 2026-04-30T12:32:21.685Z

Reserved: 2026-04-17T15:05:07.925Z

Link: CVE-2026-6519

Vulnrichment

Updated: 2026-04-30T12:32:17.417Z

NVD

Status: Analyzed

Published: 2026-04-30T07:16:39.030

Modified: 2026-05-01T16:41:02.167

Link: CVE-2026-6519

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T14:00:22Z

Weaknesses