Wireshark, the premier network protocol analyzer, released its latest update, version 4.6.6, on May 19, 2026. This release addresses critical security vulnerabilities and introduces several enhancements to bolster the tool’s performance and reliability.
Key Security Fixes
A significant highlight of this update is the fix for a vulnerability in the Robust Header Compression (ROHC) protocol dissector. This flaw, identified as wnpa-sec-2026-51 and documented under Issue 21243, allowed attackers to crash the application by injecting specially crafted, malformed packets. Such an exploit could disrupt network analysis operations and compromise monitoring environments.
Additionally, the update addresses a global buffer overflow issue in the MACsec dissector (Issue 21235). This vulnerability posed a memory safety risk during the parsing of IEEE 802.1AE-secured traffic. Both vulnerabilities were uncovered through rigorous fuzz testing conducted in May 2026.
Enhancements and Bug Fixes
Beyond security patches, Wireshark 4.6.6 introduces several improvements:
– Windows Stability: Resolved a crash occurring when running Wireshark under Visual Studio on Windows (Work Item 24787).
– Memory Management: Fixed uninitialized memory reads in the VeriWave (vwr) file reader, specifically in the `pntoh16` and `find_signature` functions (Issues 16460 and 16461).
– Compatibility: Addressed an incompatibility issue where Wireshark 4.6.5 failed to run on Windows 10 version 1809, including Server 2019 and certain LTSC editions (Issue 21237).
– Upgrade Process: Corrected a problem where optional features were inadvertently removed during Windows upgrades unless explicitly requested (Issue 18925).
– Executable Size: Reduced the size of `Wireshark.exe`, which had doubled in version 4.6.5 compared to 4.6.4 due to a packaging issue (Issue 21233).
– Fuzz Testing: Resolved crashes identified during fuzz testing of capture files from May 2026 (Issues 21240 and 21253).
Updated Components
This release includes Npcap 1.88, succeeding the previously bundled Npcap 1.87, enhancing low-level packet capture reliability on Windows platforms. While no new protocols have been introduced, updates have been made to dissector support for protocols such as BACapp, MACsec, ROHC, Kafka, SIP, PFCP, and BPv7. Capture file support has also been updated for JSON and VeriWave formats.
Plugin Development Changes
On Unix systems, excluding macOS when running from an app bundle, extcap binaries are now searched for under the `/usr/libexec/wireshark/extcap` directory by default. This change, effective since version 4.6.0 but formally documented in this release, aligns with customary practices for helper binaries. The location can be overridden via the environment variable `WIRESHARK_EXTCAP_DIR`.
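Because extcap helpers are executables that Wireshark launches, the directory it searches deserves a permission check, especially when `WIRESHARK_EXTCAP_DIR` redirects the search. The following is an added example, not code from the Wireshark project; the function names and the `--run` argument are assumptions of this sketch, and it checks permissions only, not ownership.

```sh
#!/bin/sh
# Added example (not Wireshark project code): audit the extcap search directory.

# Resolve the directory Wireshark searches for extcap helpers on Unix:
# WIRESHARK_EXTCAP_DIR if set, otherwise the documented default.
extcap_dir() {
    printf '%s\n' "${WIRESHARK_EXTCAP_DIR:-/usr/libexec/wireshark/extcap}"
}

# List files and directories under the extcap directory that group members
# or other users can modify. Symlinks are skipped because their mode bits
# are not meaningful.
# $1 = directory to audit (optional; defaults to the resolved extcap dir).
# Returns 0 when clean, 1 when findings exist, 2 when the directory is missing.
audit_extcap_dir() {
    dir=${1:-$(extcap_dir)}
    if [ ! -d "$dir" ]; then
        echo "extcap directory not found: $dir" >&2
        return 2
    fi
    if [ -n "${WIRESHARK_EXTCAP_DIR:-}" ]; then
        echo "note: WIRESHARK_EXTCAP_DIR override is active" >&2
    fi
    findings=$(find "$dir" \( -type f -o -type d \) \
        \( -perm -020 -o -perm -002 \) -print)
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings" | sed 's/^/writable by group or other: /'
    return 1
}

# Run the audit only when invoked as: sh audit_extcap.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_extcap_dir
fi
```

A non-zero result from `audit_extcap_dir` means an entry should have its mode tightened or the override should be removed before Wireshark is started.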
Recommendations
Network analysts and security professionals utilizing Wireshark are strongly advised to upgrade to version 4.6.6 promptly. This update not only mitigates critical security vulnerabilities but also enhances the tool’s stability and performance, ensuring a more secure and efficient network analysis experience.