<Vulnerability name="CVE-2026-15166">
    <DocumentDistribution xml:lang="en">Copyright © 2012 Red Hat, Inc. All rights reserved.</DocumentDistribution>
    <ThreatSeverity>Moderate</ThreatSeverity>
    <PublicDate>2026-07-08T20:55:55</PublicDate>
    <Bugzilla id="2498314" url="https://bugzilla.redhat.com/show_bug.cgi?id=2498314" xml:lang="en:us">
Wireshark: Wireshark: Denial of Service via IEEE 802.11 protocol dissector crash
    </Bugzilla>
    <CVSS3 status="draft">
        <CVSS3BaseScore>5.7</CVSS3BaseScore>
        <CVSS3ScoringVector>CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H</CVSS3ScoringVector>
    </CVSS3>
    <CWE>CWE-476</CWE>
    <Details xml:lang="en:us" source="Mitre">
IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
    </Details>
    <Details xml:lang="en:us" source="Red Hat">
A flaw was found in Wireshark, a network protocol analyzer. An attacker could exploit this vulnerability by sending a specially crafted network packet, which would cause the IEEE 802.11 protocol dissector to crash. This issue results in a denial of service, making the Wireshark application unresponsive and unavailable to users.
    </Details>
    <Statement xml:lang="en:us">
This Moderate impact flaw in Wireshark allows a denial of service when processing specially crafted IEEE 802.11 network packets. The vulnerability affects the availability of the Wireshark application, potentially disrupting network analysis operations, and requires an attacker to inject or present malicious 802.11 traffic to the system.
    </Statement>
    <Mitigation xml:lang="en:us">
To mitigate this issue, avoid analyzing untrusted network traffic with Wireshark. Restrict the use of Wireshark to trusted environments where the source of network packets can be verified.
    </Mitigation>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:10">
        <ProductName>Red Hat Enterprise Linux 10</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>wireshark</PackageName>
    </PackageState>
    <References xml:lang="en:us">
https://www.cve.org/CVERecord?id=CVE-2026-15166
https://nvd.nist.gov/vuln/detail/CVE-2026-15166
https://gitlab.com/wireshark/wireshark/-/work_items/21391
https://www.wireshark.org/security/wnpa-sec-2026-57.html
    </References>
</Vulnerability>