CVE-2026-9759

medium

Published 2026-05-27 · Modified 2026-06-01

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

5.5

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVSS v4 NEW

—

not yet in upstream

VIR risk

5.5

Description

ROHC protocol dissector crash in Wireshark 4.6.0 to 4.6.5 and 4.4.0 to 4.4.15 allows denial of service

Predictions

Exploit likelihood

55%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Debian Security Tracker · View original ↗ · DFSG

CVE-2026-9759 NameCVE-2026-9759 DescriptionROHC protocol dissector crash in Wireshark 4.6.0 to 4.6.5 and 4.4.0 to 4.4.15 allows denial of service SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) Vulnerable and fixed packages The table below lists information on source packages. Source…

CVE-2026-9759

Name	CVE-2026-9759
Description	ROHC protocol dissector crash in Wireshark 4.6.0 to 4.6.5 and 4.4.0 to 4.4.15 allows denial of service
Source	CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
wireshark (PTS)	bullseye	3.4.10-0+deb11u1	vulnerable
	bullseye (security)	3.4.16-0+deb11u2	vulnerable
	bookworm, bookworm (security)	4.0.17-0+deb12u3	vulnerable
	trixie (security), trixie	4.4.15-0+deb13u1	vulnerable
	forky, sid	4.6.6-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
wireshark	source	(unstable)	4.6.6-1

Notes

[trixie] - wireshark <postponed> (Minor issue, fix along with future update)
[bookworm] - wireshark <no-dsa> (Minor issue)
https://www.wireshark.org/security/wnpa-sec-2026-51.html
https://gitlab.com/wireshark/wireshark/-/work_items/21243

Home - Debian Security - Source (Git)

Apply commands

text fix

Notes

[trixie] - wireshark <postponed> (Minor issue, fix along with future update)[bookworm] - wireshark <no-dsa> (Minor issue)https://www.wireshark.org/security/wnpa-sec-2026-51.htmlhttps://gitlab.com/wireshark/wireshark/-/work_items/21243

OS impact

SUSE Affected 1 release

Version	Status	Fixed in
—	Affected	—

Debian Mixed 5 releases

Version	Status	Fixed in
trixie	Affected	—
sid	Fixed	`4.6.6-1`
forky	Fixed	`4.6.6-1`
bullseye	Affected	—
bookworm	Affected	—

Application impact

Vendor	Product	Versions	Fixed
wireshark	wireshark	`{"startIncluding":"4.4.0","endExcluding":"4.4.16"}`	`4.4.16`
wireshark	wireshark	`{"startIncluding":"4.6.0","endExcluding":"4.6.6"}`	`4.6.6`

References

CWEs

CWE-476

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.