Wireshark-dev: [Wireshark-dev] Wireshark 4.6.4 is now available
From: Gerald Combs <gerald@xxxxxxxxxxxxx>
Date: Wed, 25 Feb 2026 14:06:16 -0800
I'm proud to announce the release of Wireshark 4.6.4.
What is Wireshark?
Wireshark is the world’s most popular network protocol analyzer. It is
used for troubleshooting, analysis, development and education.
Wireshark is hosted by the Wireshark Foundation, a nonprofit which
promotes protocol analysis education. Wireshark and the foundation
depend on your contributions in order to do their work. If you or your
organization would like to contribute or become a sponsor, please
visit wiresharkfoundation.org[1].
If you use Wireshark professionally or you just want to learn more
about protocol analysis, you should join us at SharkFest[2], the
Wireshark developer and user conference.
You can also become a Wireshark Certified Analyst! Official Wireshark
training and certification are available from the Wireshark
Foundation[3].
What’s New
Bug Fixes
• wnpa-sec-2026-05[4] USB HID dissector memory exhaustion. Issue
20972[5]. CVE-2026-3201[6].
• wnpa-sec-2026-06[7] NTS-KE dissector crash. Issue 21000[8].
CVE-2026-3202[9].
• wnpa-sec-2026-07[10] RF4CE Profile dissector crash. Issue
21009[11]. CVE-2026-3203[12].
The following bugs have been fixed:
• Wireshark doesn’t start if Npcap is configured with "Restrict
Npcap driver’s Access to Administrators only" Issue 20828[13].
• PQC signature algorithm not reported in signature_algorithms.
Issue 20953[14].
• Unexpected JA4 ALPN values when space characters sent. Issue
20966[15].
• Expert Info seems to have quadratic performance (gets slower and
slower) Issue 20970[16].
• IKEv2 EMERGENCY_CALL_NUMBERS Notify payload cannot be decoded.
Issue 20974[17].
• TShark and editcap fail with segmentation fault when output
format (-F) set to blf. Issue 20976[18].
• Fuzz job crash: fuzz-2026-02-01-12944805400.pcap [Zigbee Direct
Tunneling Zigbee NWK PDUs NULL hash table] Issue 20977[19].
• Wiretap writes pcapng custom options with string values
invalidly. Issue 20978[20].
• RDM status in Output Status (GoodOutputB) field incorrectly
decoded in Art-Net PollReply dissector. Issue 20980[21].
• Wiretap writes invalid pcapng Darwin option blocks. Issue
20991[22].
• TDS dissector desynchronizes on RPC DATENTYPE (0x28) due to
incorrect expectation of TYPE_VARLEN (MaxLen) Issue 21001[23].
• Only first HTTP POST is parsed inside SOCKS with "Decode As".
Issue 21006[24].
• TShark: Bogus "Dissector bug" messages generated in pipelines
where something after tshark exits before reading all its input.
Issue 21011[25].
• New Diameter RAT-Types in TS 29.212 not decoded. Issue 21012[26].
• Malformed packet error on Trigger HE Basic frames. Issue
21032[27].
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
Art-Net, AT, BGP, GSM DTAP, GSM SIM, IEEE 802.11, IPv6, ISAKMP, MBIM,
MySQL, NAS-5GS, NTS-KE, SGP.22, Silabs DCH, Socks, TDS, TECMP, USB
HID, ZB TLV, and ZBD
New and Updated Capture File Support
BLF, pcapng, and TTL
New and Updated File Format Decoding Support
There is no new or updated file format support in this release.
Prior Versions
Wireshark 4.6.3 included the following changes. See the release
notes[28] for details:
• wnpa-sec-2026-01[29] BLF file parser crash. Issue 20880[30].
• wnpa-sec-2026-02[31] IEEE 802.11 dissector crash. Issue 20939[32].
• wnpa-sec-2026-03[33] SOME/IP-SD dissector crash. Issue 20945[34].
• wnpa-sec-2026-04[35] HTTP3 dissector infinite loop. Issue
20944[36].
• Wireshark 4.6.0 build fails on Solaris: pcapio.c:441:21: error:
request for member '_flag' in something not a structure or union.
Issue 20773[37].
• RTP Player streams cannot be stopped. Issue 20879[38].
• Additional ABI/API compatibility fixes. Issue 20881[39].
• Missing data in pinfo→cinfo in HomePlug message CM_ATTEN_CHAR.IND.
Issue 20893[40].
• maxmind_db: crash when switching from a profile where it’s
disabled to one where it’s enabled. Issue 20903[41].
• Compilation warning or error if CFLAGS defines _FORTIFY_SOURCE to
other than 3 without first undefining it. Issue 20904[42].
• IEEE 802.11: Incorrect parsing of QoS and Mesh Control Field when
the frame body contains an A-MSDU. Issue 20905[43].
• OSS-Fuzz 473164101: Heap-buffer-overflow in
dissect_idn_laser_data. Issue 20936[44].
• Bug in decoding 5G NAS message - Extended CAG information list IE.
Issue 20946[45].
Wireshark 4.6.2 included the following changes. See the release
notes[46] for details:
This release fixes an API/ABI change that was introduced in Wireshark
4.6.1, which caused a compatibility issue with plugins built for
Wireshark 4.6.0. Issue 20881[47].
• wnpa-sec-2025-07[48] HTTP3 dissector crash. Issue 20860[49].
• wnpa-sec-2025-08[50] MEGACO dissector infinite loop. Issue
20884[51].
• ws_base32_decode should be named *_encode ? Issue 20754[52].
• Omnipeek files not working in 4.6.1. Issue 20876[53].
• Stack buffer overflow in wiretap/ber.c (ber_open) Issue 20878[54].
• Plugins incompatibility between 4.6.0 & 4.6.1. Issue 20881[55].
• Fuzz job crash: fuzz-2025-11-30-12266121180.pcap. Issue 20883[56].
• The Windows installers now ship with the Visual C++
Redistributable version 14.44.35112. They previously shipped with
14.40.33807.
Wireshark 4.6.1 included the following changes. See the release
notes[57] for details:
• wnpa-sec-2025-05[58] BPv7 dissector crash. Issue 20770[59].
• wnpa-sec-2025-06[60] Kafka dissector crash. Issue 20823[61].
• L2CAP dissector doesn’t understand retransmission mode. Issue
2241[62].
• DNS HIP dissector labels PK algorithm as HIT length. Issue
20768[63].
• clang-cl error in "packet-zbee-direct.c" Issue 20776[64].
• Writing to an LZ4-compressed output file might fail. Issue
20779[65].
• endian.h conflicts with libc for building plugins. Issue 20786[66].
• TShark crash caused by Lua plugin. Issue 20794[67].
• Wireshark stalls for a few seconds when selecting specific
messages. Issue 20797[68].
• TLS Abbreviated Handshake Using New Session Ticket. Issue
20802[69].
• Custom websocket dissector does not run. Issue 20803[70].
• WINREG QueryValue triggers dissector bug in packet-dcerpc.c. Issue
20813[71].
• Lua: FileHandler causing crash when reading packets. Issue
20817[72].
• Apply As Filter for field with FT_NONE and BASE_NONE for a single
byte does not use the hex value. Issue 20818[73].
• Layout preference Pane 3 problem with selecting Packet Diagram or
None. Issue 20819[74].
• TCP dissector creates invalid packet diagram. Issue 20820[75].
• Too many nested VLAN tags when opening as File Format. Issue
20831[76].
• Omnipeek files not working in 4.6.0. Issue 20842[77].
• Support UTF-16 strings in the IsoBus dissector for the string
operations. Issue 20845[78].
• SNMP getBulkRequest request-id does not get filtered for
correctly. Issue 20849[79].
• Fuzz job issue: fuzz-2025-11-12-12064814316.pcap. Issue 20852[80].
• UDP Port 853 (DoQ) should be decoded as QUIC. Issue 20856[81].
Wireshark 4.6.0 included the following changes. See the release
notes[82] for details:
Wireshark can dissect process information, packet metadata, flow IDs,
drop information, and other information provided by `tcpdump` on
macOS.
We now ship universal macOS installers instead of separate packages
for Arm64 and Intel. Issue 17294[83]
WinPcap is no longer supported. On Windows, use Npcap instead,
uninstalling WinPcap if necessary. The final release of WinPcap was
version 4.1.3 in 2013. It only supports up to Windows 8, which is no
longer supported by Microsoft or Wireshark.
A new “Plots” dialog has been added, which provides scatter plots in
contrast to the “I/O Graphs” dialog, which provides histograms. The
Plots dialog window supports multiple plots, markers, and automatic
scrolling.
Live captures can be compressed while writing. (Previously there was
support for compressing when performing multiple file capture, at file
rotation time.) The `--compress` option in TShark works on live
captures as well. Issue 9311[84]
Wireshark can now decrypt NTP packets using NTS (Network Time
Security). To decrypt packets, the NTS-KE (Network Time Security Key
Establishment Protocol) packets need to be present, alongside the TLS
client and exporter secrets.
Wireshark’s ability to decrypt MACsec packets has been expanded to
either use the SAK unwrapped by the MKA dissector, or the PSK
configured in the MACsec dissector.
The TCP Stream Graph axes now use units with SI prefixes. Issue
20197[85]
Display filter functions `float` and `double` are added to allow
explicitly converting field types like integers and times to single
and double precision floats.
A "Edit › Copy › as HTML" menu item has been added, along with
associated context menu items and a keyboard shortcut.
The Conversations and Endpoints dialogs have an option to display byte
counts and bit rates in exact counts instead of human-readable numbers
with SI units.
The color scheme can be set to Light or Dark mode independently of the
current OS default on Windows and macOS, if Wireshark is built with Qt
6.8 or later as the official installers are. Issue 19328[86]
Getting Wireshark
Wireshark source code and installation packages are available from
https://www.wireshark.org/download.html.
Vendor-supplied Packages
Most Linux and Unix vendors supply their own Wireshark packages. You
can usually install or upgrade Wireshark using the package management
system specific to that platform. A list of third-party packages can
be found on the download page[87] on the Wireshark web site.
File Locations
Wireshark and TShark look in several different locations for
preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
locations vary from platform to platform. You can use "Help › About
Wireshark › Folders" or `tshark -G folders` to find the default
locations on your system.
Getting Help
The User’s Guide, manual pages and various other documentation can be
found at https://www.wireshark.org/docs/
Community support is available on Wireshark’s Q&A site[88] and on the
wireshark-users mailing list. Subscription information and archives
for all of Wireshark’s mailing lists can be found on the mailing list
site[89].
Bugs and feature requests can be reported on the issue tracker[90].
You can learn protocol analysis and meet Wireshark’s developers at
SharkFest[91].
How You Can Help
The Wireshark Foundation helps as many people as possible understand
their networks as much as possible. You can find out more and donate
at wiresharkfoundation.org[92].
Frequently Asked Questions
A complete FAQ is available on the Wireshark web site[93].
References
1. https://wiresharkfoundation.org
2. https://sharkfest.wireshark.org/
3. https://www.wireshark.org/certifications
4. https://www.wireshark.org/security/wnpa-sec-2026-05
5. https://gitlab.com/wireshark/wireshark/-/issues/20972
6. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3201
7. https://www.wireshark.org/security/wnpa-sec-2026-06
8. https://gitlab.com/wireshark/wireshark/-/issues/21000
9. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3202
10. https://www.wireshark.org/security/wnpa-sec-2026-07
11. https://gitlab.com/wireshark/wireshark/-/issues/21009
12. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3203
13. https://gitlab.com/wireshark/wireshark/-/issues/20828
14. https://gitlab.com/wireshark/wireshark/-/issues/20953
15. https://gitlab.com/wireshark/wireshark/-/issues/20966
16. https://gitlab.com/wireshark/wireshark/-/issues/20970
17. https://gitlab.com/wireshark/wireshark/-/issues/20974
18. https://gitlab.com/wireshark/wireshark/-/issues/20976
19. https://gitlab.com/wireshark/wireshark/-/issues/20977
20. https://gitlab.com/wireshark/wireshark/-/issues/20978
21. https://gitlab.com/wireshark/wireshark/-/issues/20980
22. https://gitlab.com/wireshark/wireshark/-/issues/20991
23. https://gitlab.com/wireshark/wireshark/-/issues/21001
24. https://gitlab.com/wireshark/wireshark/-/issues/21006
25. https://gitlab.com/wireshark/wireshark/-/issues/21011
26. https://gitlab.com/wireshark/wireshark/-/issues/21012
27. https://gitlab.com/wireshark/wireshark/-/issues/21032
28. https://www.wireshark.org/docs/relnotes/wireshark-4.6.3.html
29. https://www.wireshark.org/security/wnpa-sec-2026-01
30. https://gitlab.com/wireshark/wireshark/-/issues/20880
31. https://www.wireshark.org/security/wnpa-sec-2026-02
32. https://gitlab.com/wireshark/wireshark/-/issues/20939
33. https://www.wireshark.org/security/wnpa-sec-2026-03
34. https://gitlab.com/wireshark/wireshark/-/issues/20945
35. https://www.wireshark.org/security/wnpa-sec-2026-04
36. https://gitlab.com/wireshark/wireshark/-/issues/20944
37. https://gitlab.com/wireshark/wireshark/-/issues/20773
38. https://gitlab.com/wireshark/wireshark/-/issues/20879
39. https://gitlab.com/wireshark/wireshark/-/issues/20881
40. https://gitlab.com/wireshark/wireshark/-/issues/20893
41. https://gitlab.com/wireshark/wireshark/-/issues/20903
42. https://gitlab.com/wireshark/wireshark/-/issues/20904
43. https://gitlab.com/wireshark/wireshark/-/issues/20905
44. https://gitlab.com/wireshark/wireshark/-/issues/20936
45. https://gitlab.com/wireshark/wireshark/-/issues/20946
46. https://www.wireshark.org/docs/relnotes/wireshark-4.6.2.html
47. https://gitlab.com/wireshark/wireshark/-/issues/20881
48. https://www.wireshark.org/security/wnpa-sec-2025-07
49. https://gitlab.com/wireshark/wireshark/-/issues/20860
50. https://www.wireshark.org/security/wnpa-sec-2025-08
51. https://gitlab.com/wireshark/wireshark/-/issues/20884
52. https://gitlab.com/wireshark/wireshark/-/issues/20754
53. https://gitlab.com/wireshark/wireshark/-/issues/20876
54. https://gitlab.com/wireshark/wireshark/-/issues/20878
55. https://gitlab.com/wireshark/wireshark/-/issues/20881
56. https://gitlab.com/wireshark/wireshark/-/issues/20883
57. https://www.wireshark.org/docs/relnotes/wireshark-4.6.1.html
58. https://www.wireshark.org/security/wnpa-sec-2025-05
59. https://gitlab.com/wireshark/wireshark/-/issues/20770
60. https://www.wireshark.org/security/wnpa-sec-2025-06
61. https://gitlab.com/wireshark/wireshark/-/issues/20823
62. https://gitlab.com/wireshark/wireshark/-/issues/2241
63. https://gitlab.com/wireshark/wireshark/-/issues/20768
64. https://gitlab.com/wireshark/wireshark/-/issues/20776
65. https://gitlab.com/wireshark/wireshark/-/issues/20779
66. https://gitlab.com/wireshark/wireshark/-/issues/20786
67. https://gitlab.com/wireshark/wireshark/-/issues/20794
68. https://gitlab.com/wireshark/wireshark/-/issues/20797
69. https://gitlab.com/wireshark/wireshark/-/issues/20802
70. https://gitlab.com/wireshark/wireshark/-/issues/20803
71. https://gitlab.com/wireshark/wireshark/-/issues/20813
72. https://gitlab.com/wireshark/wireshark/-/issues/20817
73. https://gitlab.com/wireshark/wireshark/-/issues/20818
74. https://gitlab.com/wireshark/wireshark/-/issues/20819
75. https://gitlab.com/wireshark/wireshark/-/issues/20820
76. https://gitlab.com/wireshark/wireshark/-/issues/20831
77. https://gitlab.com/wireshark/wireshark/-/issues/20842
78. https://gitlab.com/wireshark/wireshark/-/issues/20845
79. https://gitlab.com/wireshark/wireshark/-/issues/20849
80. https://gitlab.com/wireshark/wireshark/-/issues/20852
81. https://gitlab.com/wireshark/wireshark/-/issues/20856
82. https://www.wireshark.org/docs/relnotes/wireshark-4.6.0.html
83. https://gitlab.com/wireshark/wireshark/-/issues/17294
84. https://gitlab.com/wireshark/wireshark/-/issues/9311
85. https://gitlab.com/wireshark/wireshark/-/issues/20197
86. https://gitlab.com/wireshark/wireshark/-/issues/19328
87. https://www.wireshark.org/download.html
88. https://ask.wireshark.org/
89. https://lists.wireshark.org/lists/
90. https://gitlab.com/wireshark/wireshark/-/issues
91. https://sharkfest.wireshark.org
92. https://wiresharkfoundation.org
93. https://www.wireshark.org/faq.html
Digests
wireshark-4.6.4.tar.xz: 50566640 bytes
SHA256(wireshark-4.6.4.tar.xz)=fbeab3d85c6c8a5763c8d9b7fe20b5c69ca9f9e7f2b824bedc73135bdca332e2
SHA1(wireshark-4.6.4.tar.xz)=694a28aedceef0061736d13c7fdff0ebddc46e77
Wireshark-4.6.4-arm64.exe: 75661432 bytes
SHA256(Wireshark-4.6.4-arm64.exe)=62a0d34efb4418fe373b8f56a13457ff488c827d8c7d7f48e3037e52752bee6f
SHA1(Wireshark-4.6.4-arm64.exe)=ebf0381942f21c816f0098351eed8147236a106d
Wireshark-4.6.4-x64.exe: 96981632 bytes
SHA256(Wireshark-4.6.4-x64.exe)=102017d8e99a75b57895cd2144e6a61dc335a8ff14c7a25bd83a55f8ea9ad77b
SHA1(Wireshark-4.6.4-x64.exe)=d759080d59d100e40db2b40a4279b465d13ba1f6
Wireshark-4.6.4-x64.msi: 73871360 bytes
SHA256(Wireshark-4.6.4-x64.msi)=e233387deeac2693cd9edc73a9a1578338ae211669f01f5dfb99a119a4f5ff9a
SHA1(Wireshark-4.6.4-x64.msi)=398e3edca8e56a1d03560a6dca418f0ac9d0eddd
WiresharkPortable64_4.6.4.paf.exe: 95895416 bytes
SHA256(WiresharkPortable64_4.6.4.paf.exe)=2f144183e24d14c3573053b85e304819a5409399383a3f3f6b2feac5e36d1dbb
SHA1(WiresharkPortable64_4.6.4.paf.exe)=a53bc99a82d0e2518480ff46d5159651178ba562
Wireshark 4.6.4.dmg: 141797826 bytes
SHA256(Wireshark 4.6.4.dmg)=08150f79cfc5828820f991b6d944c68536db9595b1c3052982bbde79fb2053df
SHA1(Wireshark 4.6.4.dmg)=ce758a8ff597e3d4340a06bfe286cecea465bc7e
You can validate these hashes using the following commands (among others):
Windows: powershell Get-FileHash Wireshark-x.y.z-x64.exe -Algorithm SHA256
Linux (GNU Coreutils): sha256sum wireshark-x.y.z.tar.xz
macOS: shasum -a 256 "Wireshark x.y.z.dmg"
Other: openssl sha256 wireshark-x.y.z.tar.xz
Attachment:
OpenPGP_signature.asc
Description: OpenPGP digital signature
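Added example, not part of the original announcement or of the Wireshark project: a cross-platform Python check that parses a Digests block in the format shown above ("name: N bytes" and "SHA256(name)=hex") and verifies a downloaded file's size and SHA-256 against it. The function names and the sample file in demo() are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Block format: "name: N bytes" then "ALGO(name)=hex"; names may contain spaces.
_HASH_RE = re.compile(r"^(SHA256|SHA1)\((.+)\)=([0-9a-fA-F]+)$")
_SIZE_RE = re.compile(r"^(.+): (\d+) bytes$")


def parse_digests(text):
    """Return {filename: {"size": int, "SHA256": hex, "SHA1": hex}}."""
    entries = {}
    for line in map(str.strip, text.splitlines()):
        if m := _HASH_RE.match(line):
            entries.setdefault(m[2], {})[m[1]] = m[3].lower()
        elif m := _SIZE_RE.match(line):
            entries.setdefault(m[1], {})["size"] = int(m[2])
    return entries


def verify(path, entries):
    """Check one downloaded file against the parsed block; return (ok, reason)."""
    path = Path(path)
    entry = entries.get(path.name)
    if entry is None or "SHA256" not in entry:
        return False, "no SHA256 listed for this file name"
    if "size" in entry and path.stat().st_size != entry["size"]:
        return False, "size mismatch"
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    if h.hexdigest() != entry["SHA256"]:
        return False, "SHA256 mismatch"
    return True, "ok"


def demo():
    """Constructed sample: a stand-in file and a digest block built for it."""
    data = b"constructed sample payload, not a Wireshark release\n"
    with tempfile.TemporaryDirectory() as d:
        f = Path(d) / "Sample 1.0.dmg"  # name with a space, like the .dmg entry
        f.write_bytes(data)
        block = (f"{f.name}: {len(data)} bytes\n"
                 f"SHA256({f.name})={hashlib.sha256(data).hexdigest()}\n")
        entries = parse_digests(block)
        good = verify(f, entries)
        f.write_bytes(data[:-1] + b"X")  # same size, different content
        bad = verify(f, entries)
    return good, bad


if __name__ == "__main__":
    print(demo())
```

The check is only as trustworthy as the source of the digest block; this announcement carries an OpenPGP signature that can be verified first.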