Wireshark CVE-2026-5656
Severity: HIGH
CVSS Vector (NVD): CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Description (NVD)
Profile import path traversal in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution
Analysis (AI)
Path traversal in Wireshark's profile import feature enables local attackers to achieve denial of service and potentially execute arbitrary code on Windows, macOS, and Linux systems running versions 4.6.0-4.6.4 or 4.4.0-4.4.14. The vulnerability (CWE-22) requires user interaction to import a maliciously crafted profile configuration file, with attack complexity rated high due to specific exploitation prerequisites. …
Remediation (AI)
Within 24 hours: inventory all Wireshark installations across the organization and identify affected versions (4.6.0-4.6.4, 4.4.0-4.4.14). Within 7 days: restrict Wireshark use to trusted networks and implement user training to avoid importing untrusted profile files; consider disabling the profile import feature via configuration if operationally feasible. …