CVSS 7.0 · HIGH
CVE-2026-5656
Profile import path traversal in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution
View on NVDAnalysis
Wireshark versions 4.4.x and 4.6.x are vulnerable to a path traversal flaw when importing profiles. A crafted profile file can lead to a denial of service or potential code execution on the user's machine, making it critical to update to a patched version before importing shared configurations.
Severity
Score: 7.0(HIGH)
Vector:
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HAV: LOCAL
AC: HIGH
PR: NONE
UI: REQUIRED
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness (CWE):
CWE-22EPSS
Probability of exploitation (next 30 days): 0.0002 (0.0%)
Percentile: 3.6%
EPSS: 2026-05-06
Affects
wireshark:wiresharkTechnical description
Profile import path traversal in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution
Published: 5/1/2026, 12:16:25 AM
Last modified: 5/1/2026, 7:23:19 PM