CVSS 7.0 · HIGH
CVE-2026-5656
Profile import path traversal in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution
Ver en NVDAnálisis
Wireshark versions 4.4.x and 4.6.x are vulnerable to a path traversal flaw when importing profiles. A crafted profile file can lead to a denial of service or potential code execution on the user's machine, making it critical to update to a patched version before importing shared configurations.
Severidad
Puntaje: 7.0(HIGH)
Vector:
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HAV: LOCAL
AC: HIGH
PR: NONE
UI: REQUIRED
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Tipo de falla (CWE):
CWE-22EPSS
Probabilidad de explotación (próx. 30 días): 0.0002 (0.0%)
Percentil: 3.6%
EPSS: 2026-05-06
Afecta
wireshark:wiresharkDescripción técnica
Profile import path traversal in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution
Publicada: 1/5/2026, 0:16:25
Última modificación: 1/5/2026, 19:23:19