This vulnerability (CVE-2026-5401) affects Wireshark Foundation's Wireshark network protocol analyzer in versions 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14. The AFP Spotlight protocol dissector contains an uncontrolled recursion flaw (CWE-674) that can be triggered to crash the application, causing a denial of service condition. The CVSS 3.1 base score is 5.5, reflecting a medium severity with local attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, and impact limited to availability. No patch or official fix has been disclosed as of the publication date.

Successful exploitation results in a denial of service by crashing Wireshark when processing malformed AFP Spotlight protocol data. There is no impact on confidentiality or integrity. The attack requires local access and user interaction to trigger the vulnerability. No known exploits have been reported in the wild.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should exercise caution when analyzing untrusted AFP Spotlight protocol traffic and consider avoiding or restricting the use of the affected dissector. Monitor Wireshark vendor communications for updates on patches or mitigations.