Wireshark, a leading free and open-source packet analyzer for network troubleshooting, analysis, and protocol development, has just released version 4.6.4.
The release fixes three security issues tracked as CVE-2026-3201, CVE-2026-3202, and CVE-2026-3203. These include a USB HID dissector memory exhaustion flaw, as well as crashes in the NTS-KE and RF4CE Profile dissectors.
Beyond the security fixes, the update resolves several stability problems. Wireshark could fail to start if Npcap was configured with the “Restrict Npcap driver’s access to Administrators only” option. That startup issue has now been corrected.
Several dissector-related bugs were also addressed. These include incorrect decoding in the Art-Net PollReply dissector, failure to decode new Diameter RAT-Types in 3GPP TS 29.212, desynchronization in the TDS dissector during specific RPC handling, and malformed packet errors in Trigger HE Basic frames.
Additional fixes improve handling in protocols such as BGP, IPv6, ISAKMP, MySQL, NAS-5GS, SOCKS, USB HID, and others.
On the performance and tooling side, a quadratic slowdown in the Expert Info system has been fixed, preventing progressive performance degradation during long analysis sessions.
Additionally, TShark and editcap no longer crash with a segmentation fault when using the BLF output format, and bogus “Dissector bug” messages in certain pipeline scenarios have been eliminated.
Capture file handling has also been improved. The release fixes invalid writing of pcapng custom options with string values and corrects invalid Darwin option blocks. Updates were made to BLF, pcapng, and TTL capture support, but no new file format decoding capabilities were introduced.
For more information, see the announcement.
