CVE-2026-0959

5.3 MEDIUM

📋 TL;DR

A vulnerability in Wireshark's IEEE 802.11 protocol dissector causes crashes when processing specially crafted wireless network packets. This affects Wireshark users analyzing wireless traffic in versions 4.6.0-4.6.2 and 4.4.0-4.4.12, allowing denial of service attacks against the Wireshark application.

💻 Affected Systems

Products:
  • Wireshark
Versions: 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12
Operating Systems: All platforms running affected Wireshark versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only vulnerable when analyzing wireless (802.11) network traffic. Wireshark must be actively capturing or analyzing packets.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Wireshark crashes repeatedly when analyzing malicious wireless traffic, preventing network analysis and potentially disrupting monitoring operations.

🟠 Likely Case

Wireshark crashes when encountering specially crafted 802.11 packets, requiring restart and potentially losing capture data.

🟢 If Mitigated

No impact if Wireshark is not used or if patched versions are deployed.

🌐 Internet-Facing: LOW - Wireshark is typically not internet-facing; requires local network access to wireless traffic.
🏢 Internal Only: MEDIUM - Internal attackers could craft malicious wireless packets to crash Wireshark instances used for network monitoring.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires ability to inject specially crafted 802.11 packets into wireless networks being monitored. No authentication needed to trigger crash.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Wireshark 4.6.3 and 4.4.13

Vendor Advisory: https://www.wireshark.org/security/wnpa-sec-2026-02.html

Restart Required: Yes

Instructions:

1. Download latest Wireshark from wireshark.org.
2. Install over existing version.
3. Restart Wireshark and any related services.

🔧 Temporary Workarounds

Disable 802.11 Protocol Dissector

all

Prevent Wireshark from parsing 802.11 wireless traffic

Edit preferences -> Protocols -> IEEE 802.11 -> Disable

Use Capture Filter

all

Filter out wireless traffic during capture

Capture filter: not wlan

🧯 If You Can't Patch

  • Restrict wireless network monitoring to trusted sources only
  • Use alternative network analysis tools for wireless traffic inspection

🔍 How to Verify

Check if Vulnerable:

Check Wireshark version in Help -> About Wireshark

Check Version:

wireshark --version

Verify Fix Applied:

Confirm version is 4.6.3+ or 4.4.13+ and test with wireless traffic
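
To run the version check above across many analyst workstations, the following added example (not part of the advisory or of Wireshark) classifies `--version` output against the affected ranges listed on this page. The function names, the status labels and the sample banners are assumptions constructed for illustration.

```python
import re
import shutil
import subprocess

# Affected branches as stated on this page: (first affected, first fixed).
AFFECTED = [((4, 4, 0), (4, 4, 13)), ((4, 6, 0), (4, 6, 3))]

# Matches "Wireshark 4.4.12 ..." and "TShark (Wireshark) 4.6.3 ...".
_VERSION_RE = re.compile(r"\bWireshark\)?\s+(\d+)\.(\d+)\.(\d+)")

# Constructed sample banners (not captured from a real install).
SAMPLES = [
    "Wireshark 4.4.12 (constructed sample banner).",
    "TShark (Wireshark) 4.6.3 (constructed sample banner).",
    "Wireshark 4.2.9 (constructed sample banner).",
]

def parse_version(banner):
    """Extract (major, minor, patch) from --version output."""
    m = _VERSION_RE.search(banner)
    if not m:
        raise ValueError("no Wireshark version found in output")
    return tuple(int(x) for x in m.groups())

def assess(banner):
    """Return (version, status): 'vulnerable', 'fixed' or 'not-listed'."""
    v = parse_version(banner)
    for first_bad, first_fixed in AFFECTED:
        if first_bad <= v < first_fixed:
            return v, "vulnerable"
        if v[:2] == first_bad[:2] and v >= first_fixed:
            return v, "fixed"
    # Branch outside 4.4.x / 4.6.x: this page makes no statement about it.
    return v, "not-listed"

def local_banner():
    """Run the installed tshark or wireshark with --version; None if absent."""
    for tool in ("tshark", "wireshark"):
        path = shutil.which(tool)
        if path:
            result = subprocess.run([path, "--version"], capture_output=True,
                                    text=True, timeout=30)
            return result.stdout
    return None

if __name__ == "__main__":
    banner = local_banner()
    for text in ([banner] if banner else SAMPLES):
        print(assess(text))
```

A `not-listed` result means the installed branch is outside the ranges this page covers, not that it has been confirmed safe.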

📡 Detection & Monitoring

Log Indicators:

  • Wireshark crash logs
  • Application error events mentioning Wireshark

Network Indicators:

  • Unusual 802.11 packet patterns targeting monitoring systems

SIEM Query:

source="wireshark" AND (event="crash" OR severity="critical")
