CVE-2026-0959 is a vulnerability classified under CWE-787 (Out-of-bounds Write) affecting the Wireshark network protocol analyzer, specifically in the IEEE 802.11 protocol dissector. The flaw exists in Wireshark versions 4.4.0 through 4.4.12 and 4.6.0 through 4.6.2. An attacker can craft malicious IEEE 802.11 packets that, when processed by the vulnerable dissector, cause an out-of-bounds write operation. This memory corruption leads to a crash of the Wireshark application, resulting in a denial of service condition. The vulnerability is exploitable remotely over the network without requiring privileges but does require user interaction, such as opening a malicious capture file or live capture of crafted packets. The CVSS v3.1 base score is 5.3, reflecting medium severity due to the lack of confidentiality or integrity impact and the requirement for user interaction and high attack complexity. No known public exploits have been reported, and no patches were linked at the time of disclosure, indicating the need for vendor updates. This vulnerability primarily affects security analysts and network engineers who rely on Wireshark for packet inspection and troubleshooting, potentially disrupting their ability to analyze network traffic effectively.

The primary impact of CVE-2026-0959 is denial of service through application crashes, which can interrupt network traffic analysis and forensic investigations. For organizations relying heavily on Wireshark for real-time network monitoring, incident response, or security auditing, this can delay detection and mitigation of other threats. While the vulnerability does not compromise confidentiality or integrity, the disruption of availability in security tools can indirectly increase organizational risk by reducing visibility into network events. This is particularly critical in environments with high security demands such as government agencies, financial institutions, and critical infrastructure operators. The requirement for user interaction limits automated exploitation, but targeted attacks against security personnel could still cause operational interruptions. The lack of known exploits reduces immediate risk but does not eliminate the potential for future weaponization.

Organizations should monitor Wireshark Foundation announcements and promptly apply patches once released for versions 4.4.x and 4.6.x. Until patches are available, users can mitigate risk by disabling the IEEE 802.11 dissector if not required for their analysis tasks, thereby preventing processing of malicious packets targeting this vulnerability. Additionally, security teams should avoid opening untrusted capture files or capturing traffic from untrusted wireless networks without proper filtering. Employing network segmentation and limiting exposure of systems running Wireshark to untrusted networks can reduce attack surface. Training analysts to recognize suspicious capture files and maintaining updated endpoint protection can further reduce risk. Finally, consider using alternative packet analysis tools or earlier stable Wireshark versions not affected by this vulnerability if immediate patching is not feasible.