Description
Profile import path traversal in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution
Published: 2026-04-30
Score: 7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a path traversal (CWE-22) in Wireshark's profile import feature. Entry names inside an imported profile are not confined to the destination profile directory, so a crafted profile can make Wireshark read from or write to files outside the location it intends to use. The advisory names two consequences: denial of service, if Wireshark crashes or hangs while handling the unexpected path, and possible code execution, if the attacker can use the out-of-directory write to place or overwrite a file that Wireshark or the user later loads or runs. The exact mechanism is not disclosed beyond the weakness class.
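The check a fix for this bug class needs, shown as an added example written here rather than taken from Wireshark or the advisory: every archive entry name is canonicalised and verified to stay under the destination profile directory before anything is written. The base directory and the entry names are constructed for illustration, and it is an assumption that the importer's input looks like these relative entry names, since the page only describes the weakness class.

```c
/*
 * Added example, not Wireshark code: a CWE-22 guard for archive entry
 * names before they are written under a profile directory. The names and
 * the base directory below are constructed for illustration. The check is
 * purely string-based so it runs offline; see the note after the block for
 * what it does not cover.
 */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_DEPTH 64

/*
 * Canonicalise a relative entry name and confirm it stays inside the
 * destination directory. Returns true and writes the cleaned path
 * ("a/b/c", no leading or trailing slash) into out; returns false on:
 *   - empty name, absolute path ("/x"), Windows drive ("C:x") or any
 *     backslash (so "..\x" cannot bypass the '/' handling),
 *   - a ".." that would climb above the destination directory,
 *   - a name that resolves to the destination directory itself,
 *   - more than MAX_DEPTH components or insufficient output space.
 */
bool safe_entry_path(const char *entry, char *out, size_t outlen)
{
    if (entry == NULL || entry[0] == '\0' || outlen == 0)
        return false;
    if (entry[0] == '/' || entry[0] == '\\' || strchr(entry, '\\') != NULL)
        return false;
    if (((entry[0] >= 'A' && entry[0] <= 'Z') ||
         (entry[0] >= 'a' && entry[0] <= 'z')) && entry[1] == ':')
        return false;

    size_t starts[MAX_DEPTH]; /* out offset where each kept component began */
    size_t depth = 0, outpos = 0;
    const char *p = entry;

    for (;;) {
        const char *end = strchr(p, '/');
        size_t len = end ? (size_t)(end - p) : strlen(p);

        if (len == 0 || (len == 1 && p[0] == '.')) {
            /* "" (doubled slash) and "." contribute nothing */
        } else if (len == 2 && p[0] == '.' && p[1] == '.') {
            if (depth == 0)
                return false;          /* would escape the destination */
            outpos = starts[--depth];  /* pop the previous component */
        } else {
            if (depth == MAX_DEPTH)
                return false;
            /* room for the optional '/', the component and the NUL */
            if (outpos + (outpos ? 1 : 0) + len + 1 > outlen)
                return false;
            starts[depth++] = outpos;
            if (outpos)
                out[outpos++] = '/';
            memcpy(out + outpos, p, len);
            outpos += len;
        }
        if (!end)
            break;
        p = end + 1;
    }
    if (outpos == 0)
        return false; /* e.g. "./" or "a/.." resolve to the directory itself */
    out[outpos] = '\0';
    return true;
}

/* Build "<base>/<cleaned entry>" only when the entry passes the guard. */
bool build_target_path(const char *base, const char *entry,
                       char *out, size_t outlen)
{
    char rel[512];
    if (base == NULL || base[0] == '\0' ||
        !safe_entry_path(entry, rel, sizeof rel))
        return false;
    int n = snprintf(out, outlen, "%s/%s", base, rel);
    return n > 0 && (size_t)n < outlen;
}

int main(void)
{
    /* Constructed entry names; the traversal ones mimic the class of
     * input this CVE is about. */
    static const char *const samples[] = {
        "preferences", "colorfilters/../../x", "../../.bashrc",
        "a/./b//c", "/etc/passwd", "foo/../bar", "..\\x", "./",
    };
    /* hypothetical destination directory */
    const char *base = "/home/user/.config/wireshark/profiles/imported";
    char path[512];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (build_target_path(base, samples[i], path, sizeof path))
            printf("%-22s -> %s\n", samples[i], path);
        else
            printf("%-22s -> REJECTED\n", samples[i]);
    }
    return 0;
}
```

The guard runs before any file is created, so a rejected entry aborts the import instead of leaving a partial write. What a string check cannot cover: an archive may first extract a symlink entry pointing outside the profile directory and then write through it with a name that passes the guard, so an extractor should also refuse symlink entries (or open targets with O_NOFOLLOW and confirm the final parent with realpath(3) after creation).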

Affected Systems

Wireshark Foundation's Wireshark application is affected in versions 4.6.0 through 4.6.4 and 4.4.0 through 4.4.14.

Risk and Exploitability

The CVSS 3.1 base score of 7.0 (High) carries the vector AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H: the attack is local, requires user interaction (the victim must import the crafted profile), needs no prior privileges and is rated high complexity, but a successful attack compromises confidentiality, integrity and availability. The EPSS probability is below 1% and the CVE is not in the CISA KEV catalog, so there is no public evidence of exploitation in the wild at the time of writing. The official description does not spell out the attack vector beyond the import feature; in practice the trigger is getting a user to import an attacker-supplied profile. Any code execution reached this way runs with the privileges of the user running Wireshark, so running Wireshark as an administrator or root turns it into a system-wide compromise.

Generated by OpenCVE AI on May 1, 2026 at 04:47 UTC.

Remediation

Vendor Solution

Upgrade to version 4.6.5 or above


OpenCVE Recommended Actions

  • Upgrade Wireshark to 4.6.5 or later, which resolves the path traversal issue. The vendor statement covers only the 4.6 branch; the 4.4 branch (4.4.0 through 4.4.14) is also listed as affected, so on 4.4 check the Wireshark release notes for the corresponding fixed release rather than assuming 4.4.14 is safe.
  • If an upgrade cannot be performed immediately, treat profile files as untrusted input: import only profiles you created yourself or obtained from a trusted source, and inspect the contents of any third-party profile before importing it.
  • Run Wireshark with the least privileges necessary and never as administrator or root, so that a successful path traversal is confined to the files that user can already write.

Advisories

No advisories yet.

History

Fri, 01 May 2026 19:30:00 +0000

Type: CPEs
Values added: cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*

Fri, 01 May 2026 15:15:00 +0000

Type: Metrics (ssvc)
Values added: Automatable: no; Exploitation: none; Technical Impact: total (SSVC version 2.0.3)


Fri, 01 May 2026 00:45:00 +0000

Type: First Time appeared
Values added: Wireshark (vendor), Wireshark wireshark (product)
Type: Vendors & Products
Values added: Wireshark (vendor), Wireshark wireshark (product)

Thu, 30 Apr 2026 23:30:00 +0000

Type: Description
Values added: Profile import path traversal in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution
Type: Title
Values added: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Wireshark
Type: Weaknesses
Values added: CWE-22
Type: References
Values added:
Type: Metrics (cvssV3_1)
Values added: score 7.0; vector CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H


MITRE

Status: PUBLISHED

Assigner: GitLab

Published:

Updated: 2026-05-02T03:55:29.128Z

Reserved: 2026-04-06T06:34:06.344Z

Link: CVE-2026-5656

Vulnrichment

Updated: 2026-05-01T14:17:17.768Z

NVD

Status : Analyzed

Published: 2026-05-01T00:16:25.097

Modified: 2026-05-01T19:23:19.983

Link: CVE-2026-5656

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T05:00:12Z

Weaknesses