Wireshark 4.4.14 Release Notes

What is Wireshark?

Wireshark is the world's most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education.

Wireshark is hosted by the Wireshark Foundation, a nonprofit which promotes protocol analysis education. Wireshark and the foundation depend on your contributions in order to do their work! If you or your organization would like to contribute or become a sponsor, please visit wiresharkfoundation.org.

What's New

Bug Fixes

The following vulnerabilities have been fixed:

• [wnpa-sec-2026-05] USB HID dissector memory exhaustion. Bug 20972. CVE-2026-3201.
• [wnpa-sec-2026-07] RF4CE Profile dissector crash. Bug 21009. CVE-2026-3203.

The following bugs have been fixed:

• Bug in decoding 5G NAS message - Extended CAG information list IE. Bug 20946.
• PQC signature algorithm not reported in signature_algorithms. Bug 20953.
• Unexpected JA4 ALPN values when space characters sent. Bug 20966.
• Expert Info seems to have quadratic performance (gets slower and slower). Bug 20970.
• USB-HID: Resource exhaustion in parse_report_descriptor() due to missing array size limit. Bug 20972.
• Fuzz job crash: fuzz-2026-02-01-12944805400.pcap [Zigbee Direct Tunneling Zigbee NWK PDUs NULL hash table]. Bug 20977.
• RDM status in Output Status (GoodOutputB) field incorrectly decoded in Art-Net PollReply dissector. Bug 20980.
• TDS dissector desynchronizes on RPC DATENTYPE (0x28) due to incorrect expectation of TYPE_VARLEN (MaxLen). Bug 21001.
• Only first HTTP POST is parsed inside SOCKS with "Decode As". Bug 21006.
• Fuzz job crash: fuzz-2026-02-06-13021968622.pcap. Bug 21009.
• New Diameter RAT-Types in TS 29.212 not decoded. Bug 21012.

New Protocol Support

There are no new protocols in this release.

Updated Protocol Support

Art-Net, NAS-5GS, TDS, TECMP, USB HID, ZBD, ZB TLV

New and Updated Capture File Support

BLF

New and Updated File Format Decoding Support

There is no updated file format support in this release.

Getting Wireshark

Wireshark source code and installation packages are available from https://www.wireshark.org/download.html.

Vendor-supplied Packages

Most Linux and Unix vendors supply their own Wireshark packages. You can usually install or upgrade Wireshark using the package management system specific to that platform. A list of third-party packages can be found on the download page on the Wireshark web site.

File Locations

Wireshark and TShark look in several different locations for preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations vary from platform to platform. You can use Help › About Wireshark › Folders or tshark -G folders to find the default locations on your system.

Getting Help

The User's Guide, manual pages and various other documentation can be found at https://www.wireshark.org/docs/.

Community support is available on Wireshark's Q&A site and on the wireshark-users mailing list. Subscription information and archives for all of Wireshark's mailing lists can be found on the mailing list site.

Bugs and feature requests can be reported on the issue tracker.

You can learn protocol analysis and meet Wireshark's developers at SharkFest.

Getting Certified

You can become a Wireshark Certified Analyst! Learn more at https://www.wireshark.org/certifications.

How You Can Help

The Wireshark Foundation helps as many people as possible understand their networks as much as possible. You can find out more and donate at wiresharkfoundation.org.

Frequently Asked Questions

A complete FAQ is available on the Wireshark web site.