Description
A security flaw has been discovered in A-G-U-P-T-A wireshark-mcp edaf604416fbc94a201b4043092d4a1b09a12275/400c3da70074f22f3cce7ccb65304cafc7089c89. This affects the function quick_capture of the file pyshark_mcp.py. The manipulation results in os command injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-05-04
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the quick_capture function of pyshark_mcp.py in the A‑G‑U‑P‑T‑A wireshark‑mcp project. An attacker can supply crafted input that causes the function to execute arbitrary OS commands. The flaw gives remote attackers the ability to run arbitrary code on the host, leading to full system compromise. The weakness is a classic OS command injection (CWE‑77, CWE‑78).

Affected Systems

A‑G‑U‑P‑T‑A wireshark‑mcp is the only product listed. The project follows a rolling‑release model with no fixed version numbers for vulnerable or patched releases, so any current iteration of wireshark‑mcp is potentially affected. No additional vendor or product details are available.

Risk and Exploitability

The CVSS score of 6.9 indicates a moderate risk. EPSS is not available, and the vulnerability has not been listed in CISA’s KEV catalog. The attack vector is remote and the exploit code has already been posted publicly, suggesting that attackers could readily target vulnerable deployments. Until an official fix is released, the risk remains high for any exposed installation.

Generated by OpenCVE AI on May 5, 2026 at 01:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check current wireshark‑mcp version and compare against any vendor advisories
  • Apply vendor‑provided patch or newer release once available
  • Restrict external access to the quick_capture endpoint via firewall or network segmentation
  • Monitor logs for suspicious OS command execution attempts

Generated by OpenCVE AI on May 5, 2026 at 01:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 05 May 2026 00:15:00 +0000

Type Values Removed Values Added
Description A security flaw has been discovered in A-G-U-P-T-A wireshark-mcp edaf604416fbc94a201b4043092d4a1b09a12275/400c3da70074f22f3cce7ccb65304cafc7089c89. This affects the function quick_capture of the file pyshark_mcp.py. The manipulation results in os command injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The project was informed of the problem early through an issue report but has not responded yet.
Title A-G-U-P-T-A wireshark-mcp pyshark_mcp.py quick_capture os command injection
Weaknesses CWE-77
CWE-78
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-04T23:45:16.986Z

Reserved: 2026-05-04T16:04:35.270Z

Link: CVE-2026-7785

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-05T00:16:17.827

Modified: 2026-05-05T00:16:17.827

Link: CVE-2026-7785

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-05T01:30:12Z

Weaknesses