CVE-2026-6534

Description

USB HID protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

CVSS Details

CVSS Score

5.5

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:* - VULNERABLE

Wireshark 4.6.0 - 4.6.4

Wireshark 4.4.0 - 4.4.14

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# This is a conceptual PoC for demonstration purposes.
# It requires Scapy to generate a malformed packet.

from scapy.all import *

# Construct a raw USB HID packet that might trigger the infinite loop
# Specific byte patterns would depend on the exact vulnerability details
malicious_packet = Raw(b'\x00\x01\x02\x03\xFF\xFF\xFF\xFF') 

# Save to a pcap file
wrpcap('cve_2026_6534_poc.pcap', malicious_packet)

print("Malicious pcap file generated: cve_2026_6534_poc.pcap")
print("Open this file with a vulnerable version of Wireshark to trigger the DoS.")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-6534
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-6534
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-6534/
[4] VulDB https://vuldb.com/cve/CVE-2026-6534
[5] https://gitlab.com/wireshark/wireshark/-/issues/21121
[6] https://www.wireshark.org/security/wnpa-sec-2026-27.html
[7] https://gitlab.com/wireshark/wireshark/-/work_items/21121

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-6534", "sourceIdentifier": "[email protected]", "published": "2026-04-30T07:16:40.753", "lastModified": "2026-05-01T18:16:21.030", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "USB HID protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service"}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-835"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.4.0", "versionEndIncluding": "4.4.14", "matchCriteriaId": "77CF79F1-B53C-40A7-9570-A192D5A85ED6"}, {"vulnerable": true, "criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.6.0", "versionEndIncluding": "4.6.4", "matchCriteriaId": "B52139AE-161F-406A-B28D-F874CE8B68B6"}]}]}], "references": [{"url": "https://gitlab.com/wireshark/wireshark/-/issues/21121", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking"]}, {"url": "https://www.wireshark.org/security/wnpa-sec-2026-27.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://gitlab.com/wireshark/wireshark/-/work_items/21121", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}]}}