wnpa-sec-2026-05 USB HID dissector memory exhaustion. Issue 20972. CVE-2026-3201.
wnpa-sec-2026-06 NTS-KE dissector crash. Issue 21000. CVE-2026-3202.
wnpa-sec-2026-07 RF4CE Profile dissector crash. Issue 21009. CVE-2026-3203.
The following bugs have been fixed:
Wireshark doesn’t start if Npcap is configured with "Restrict Npcap driver’s Access to Administrators only" Issue 20828.
PQC signature algorithm not reported in signature_algorithms. Issue 20953.
Unexpected JA4 ALPN values when space characters sent. Issue 20966.
Expert Info seems to have quadratic performance (gets slower and slower) Issue 20970.
IKEv2 EMERGENCY_CALL_NUMBERS Notify payload cannot be decoded. Issue 20974.
TShark and editcap fails with segmentation fault when output format (-F) set to blf. Issue 20976.
Fuzz job crash: fuzz-2026-02-01-12944805400.pcap [Zigbee Direct Tunneling Zigbee NWK PDUs NULL hash table] Issue 20977.
Wiretap writes pcapng custom options with string values invalidly. Issue 20978.
RDM status in Output Status (GoodOutputB) field incorrectly decoded in Art-Net PollReply dissector. Issue 20980.
Wiretap writes invalid pcapng Darwin option blocks. Issue 20991.
TDS dissector desynchronizes on RPC DATENTYPE (0x28) due to incorrect expectation of TYPE_VARLEN (MaxLen) Issue 21001.
Only first HTTP POST is parsed inside SOCKS with "Decode As". Issue 21006.
TShark: Bogus "Dissector bug" messages generated in pipelines where something after tshark exits before reading all its input. Issue 21011.
New Diameter RAT-Types in TS 29.212 not decoded. Issue 21012.
Malformed packet error on Trigger HE Basic frames. Issue 21032.
There are no new protocols in this release.
Art-Net, AT, BGP, GSM DTAP, GSM SIM, IEEE 802.11, IPv6, ISAKMP, MBIM, MySQL, NAS-5GS, NTS-KE, SGP.22, Silabs DCH, Socks, TDS, TECMP, USB HID, ZB TLV, and ZBD
BLF, pcapng, and TTL
There is no new or updated file format support in this release.