Wireshark 4.6.7 fixes twelve security advisories, numbered wnpa-sec-2026-52 through -63, across dissectors, capture parsers and Ciscodump; Crafted packets or files can trigger crashes and hangs; one BLF issue carries an information-disclosure risk. [1]
The operator's task is concrete: upgrade the analyzer and isolate workflows that ingest untrusted packet captures; analysts often open evidence supplied by someone else, so a file does not become harmless merely because it is being examined rather than executed.
The fetched record does not report exploitation in the wild or remote code execution; no verified X post specific to the release surfaced; that absence matters because security discourse routinely promotes a parser failure into a remote-takeover claim before the advisory establishes such an impact.
Version 4.6.7 is therefore a service receipt, not a breach story; teams that automate capture ingestion should review their sandboxing as well as patching, but the evidence boundary stays fixed: malicious input can crash or hang affected components and the BLF flaw can disclose information; Friday's source does not support an attacker, victim list or universal remote compromise.
-- DAVID CHEN, Beijing