CVE Field Guide
About Us
CVE-2026-6526
PUBLISHED
NULL Pointer Dereference in Wireshark
Assigner:
GitLab
Reserved:
17.04.2026
Published:
30.04.2026
Updated:
30.04.2026
RTSP protocol dissector crash in Wireshark 4.6.0 to 4.6.4
Metrics
CVSS 3.1
CVSS Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS Score:
5.5
CVSS score
5.5
Attack Vector
Local
Scope
Unchanged
Attack Complexity
Low
Confidentiality Impact
None
Privileges Required
None
Integrity Impact
None
User Interaction
Required
Availability Impact
High
CVSS 3.1
Product Status
Vendor
Wireshark Foundation
Product
Wireshark
Versions
Default:
unaffected
affected from 4.6.0 to 4.6.5 (excl.)
Solutions
Upgrade to version 4.6.5 or above
Credits
Alexandre de Oliveira
finder
References
https://www.wireshark.org/security/wnpa-sec-2026-35.html
https://gitlab.com/wireshark/wireshark/-/work_items/21173
Problem Types
CWE-476: NULL Pointer Dereference
CWE