wnpa-sec-2026-56 · TLS ECH decryption crash
Summary
Name: TLS ECH decryption crash
Docid: wnpa-sec-2026-56
Date: July 8, 2026
Affected versions: 4.6.0 to 4.6.6
Fixed versions: 4.6.7
References:
Wireshark issue 21390.
CVE-2026-15165.
Details
Description
The TLS ECH decryption code could crash.
Impact
Discovered by Claude and Ada Logics. We are unaware of any exploits for this issue. It may be possible to make Wireshark crash by convincing someone to read a malformed packet trace file.
Resolution
Upgrade to Wireshark 4.6.7 or later.