Skip to main content

wireshark-mcp EUVDEUVD-2026-27159

| CVE-2026-7785 MEDIUM
OS Command Injection (CWE-78)
2026-05-04 VulDB GHSA-v798-39xf-8fg2
5.5
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
May 05, 2026 - 00:30 vuln.today
Severity Changed
May 05, 2026 - 00:22 NVD
HIGH MEDIUM
CVSS changed
May 05, 2026 - 00:22 NVD
7.3 (HIGH) 5.5 (MEDIUM)

DescriptionCVE.org

A security flaw has been discovered in A-G-U-P-T-A wireshark-mcp edaf604416fbc94a201b4043092d4a1b09a12275/400c3da70074f22f3cce7ccb65304cafc7089c89. This affects the function quick_capture of the file pyshark_mcp.py. The manipulation results in os command injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

OS command injection in wireshark-mcp's quick_capture function allows remote unauthenticated attackers to execute arbitrary operating system commands with publicly available exploit code. The vulnerability affects all versions of the rolling-release project through commit 400c3da70074f22f3cce7ccb65304cafc7089c89, with CVSS 5.5 reflecting low confidentiality, integrity, and availability impact but network-accessible exploitation vector. Active public exploit availability increases real-world risk despite moderate CVSS score.

Technical ContextAI

The vulnerability exists in pyshark_mcp.py's quick_capture function, which processes network traffic capture operations. CWE-78 (Improper Neutralization of Special Elements used in an OS Command) indicates insufficient input sanitization when constructing or executing system commands. The quick_capture function likely concatenates user-supplied parameters directly into shell command invocations without proper escaping or parameterization. wireshark-mcp is a Python library that interfaces with Wireshark for packet capture and analysis, typically invoked programmatically or via API endpoints. The network attack vector (AV:N/AC:L) suggests the vulnerable function is accessible remotely, possibly through a web service, API, or network daemon exposing packet capture functionality.

RemediationAI

No vendor-released patch identified at time of analysis. The project maintainers have not responded to early notification via GitHub issue #1. Immediate workarounds include: (1) Disable or remove access to the quick_capture function in production environments if not essential - this eliminates the attack surface entirely. (2) Implement strict input validation on all parameters passed to quick_capture, using allowlisting of expected packet capture filters and file paths rather than blocking dangerous characters. (3) Run wireshark-mcp in a containerized environment with restricted system call capabilities (seccomp/AppArmor profiles) to limit OS command injection impact to that container. (4) Place wireshark-mcp behind authentication and access control layers, restricting quick_capture endpoints to trusted internal networks only - note this mitigates remote vector but does not fix the underlying command injection. (5) Monitor and patch pyshark dependencies and Wireshark itself for supply chain risk. Engage the project maintainers at https://github.com/A-G-U-P-T-A/wireshark-mcp/issues/1 to request a patched release or code review. Given the public exploit and non-responsive maintainers, consider forking and patching internally or switching to actively maintained Wireshark Python bindings.

Share

EUVD-2026-27159 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy