UBUNTU-CVE-2026-15166
A vulnerability in the IEEE 802.11 protocol dissector of Wireshark versions 4.4.0 to 4.4.16 and 4.6.0 to 4.6.6 can cause the application to crash, resulting in a denial of service condition. This affects multiple Ubuntu package versions of Wireshark. The vulnerability requires local access with low privileges and user interaction to be exploited.
AI Analysis
Technical Summary
Wireshark versions 4.4.0 through 4.4.16 and 4.6.0 through 4.6.6 contain a flaw in the IEEE 802.11 protocol dissector that can be exploited to cause a crash, leading to denial of service. The vulnerability has a CVSS 3.1 vector of AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H, indicating local attack vector, low complexity, no privileges required, user interaction required, unchanged scope, no confidentiality or integrity impact, and high impact on availability. Multiple Ubuntu package versions are affected. There is no vendor advisory or patch information provided in the input data.
Potential Impact
Successful exploitation causes a denial of service by crashing Wireshark when processing IEEE 802.11 protocol data. There is no impact on confidentiality or integrity. The attack requires local access and user interaction, limiting remote exploitation potential.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a patch is available, avoid opening untrusted IEEE 802.11 protocol data in Wireshark and restrict local user access to Wireshark on affected systems.
UBUNTU-CVE-2026-15166
Description
A vulnerability in the IEEE 802.11 protocol dissector of Wireshark versions 4.4.0 to 4.4.16 and 4.6.0 to 4.6.6 can cause the application to crash, resulting in a denial of service condition. This affects multiple Ubuntu package versions of Wireshark. The vulnerability requires local access with low privileges and user interaction to be exploited.
CVSS v3.1
Affected software
pkg:deb/ubuntu/[email protected]~ubuntu14.04.0~esm3?arch=source&distro=esm-infra-legacy/trustypkg:deb/ubuntu/[email protected]~ubuntu16.04.0+esm2?arch=source&distro=esm-apps/xenialpkg:deb/ubuntu/[email protected]~ubuntu18.04.0+esm2?arch=source&distro=esm-apps/bionicpkg:deb/ubuntu/[email protected]~esm2?arch=source&distro=esm-apps/focalpkg:deb/ubuntu/[email protected]~esm1?arch=source&distro=esm-apps/jammypkg:deb/ubuntu/[email protected]?arch=source&distro=noblepkg:deb/ubuntu/[email protected]?arch=source&distro=questingpkg:deb/ubuntu/[email protected]?arch=source&distro=resoluteRun on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Wireshark versions 4.4.0 through 4.4.16 and 4.6.0 through 4.6.6 contain a flaw in the IEEE 802.11 protocol dissector that can be exploited to cause a crash, leading to denial of service. The vulnerability has a CVSS 3.1 vector of AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H, indicating local attack vector, low complexity, no privileges required, user interaction required, unchanged scope, no confidentiality or integrity impact, and high impact on availability. Multiple Ubuntu package versions are affected. There is no vendor advisory or patch information provided in the input data.
Potential Impact
Successful exploitation causes a denial of service by crashing Wireshark when processing IEEE 802.11 protocol data. There is no impact on confidentiality or integrity. The attack requires local access and user interaction, limiting remote exploitation potential.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a patch is available, avoid opening untrusted IEEE 802.11 protocol data in Wireshark and restrict local user access to Wireshark on affected systems.
Technical Details
- Gcve Source
- db.gcve.eu
- Osv Id
- UBUNTU-CVE-2026-15166
- Osv Schema Version
- 1.7.0
- Aliases
- []
- Ecosystems
- ["Ubuntu:Pro:14.04:LTS","Ubuntu:Pro:16.04:LTS","Ubuntu:Pro:18.04:LTS","Ubuntu:Pro:20.04:LTS","Ubuntu:Pro:22.04:LTS","Ubuntu:24.04:LTS","Ubuntu:25.10","Ubuntu:26.04:LTS"]
- Database Specific Severity
- null
- Cvss Version
- 3.1
Threat ID: 6a58b4f168715ace43db1de5
Added to database: 07/16/2026, 10:39:45 UTC
Last enriched: 07/16/2026, 13:58:37 UTC
Last updated: 07/17/2026, 02:26:25 UTC
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.