Path Traversal Vulnerability in Wireshark by the Wireshark Foundation
CVE-2026-5656

7HIGH

Key Information:

Vendor: Wireshark
Status: Wireshark
Vendor: CVE Published:; 30 April 2026

What is CVE-2026-5656?

A path traversal vulnerability in Wireshark allows attackers to manipulate profile import paths, potentially leading to denial of service and the ability to execute arbitrary code. Exploiting this vulnerability could compromise system integrity and availability, making it imperative for users to apply security patches available for Wireshark versions 4.6.0 through 4.6.4 and 4.4.0 through 4.4.14.

Affected Version(s)

Wireshark 4.6.0 < 4.6.5

Wireshark 4.4.0 < 4.4.15

References

https://www.wireshark.org/security/wnpa-sec-2026-21.html

https://gitlab.com/wireshark/wireshark/-/issues/21115

issue-trackingpermissions-required

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 30, 2026
Vulnerability Reserved
Apr 6, 2026

Credit

TODO

CVE-2026-5656 Data

JSON