CVE-2026-5656EXPLOITEDPATCHED

wireshark · wireshark

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Wireshark

Description

Profile import path traversal in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution

Affected Products

Vendor	Product	Versions
wireshark	wireshark	4.6.0, 4.4.0

References

https://www.wireshark.org/security/wnpa-sec-2026-21.html
https://gitlab.com/wireshark/wireshark/-/issues/21115(issue-tracking, permissions-required)

Related News (2 articles)

Tier D

Heise Security4h ago

Netzwerkanalysetool Wireshark: Zahlreiche Sicherheitslücken geschlossen

→ No new info (linked only)

Tier C

VulDB3d ago

CVE-2026-5656 | Wireshark up to 4.4.14/4.6.4 Profile Import path traversal (ID 21115)

→ No new info (linked only)

CVSS 3.17.0 HIGH

VectorCVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

4.6.54.4.15

CWECWE-22, CWE-400

PublishedApr 30, 2026

Last enriched3d agov2

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-5405EXP

Heap-based Buffer Overflow in Wireshark

Trending: 62

HIGHCVE-2026-5403EXP

Heap-based Buffer Overflow in Wireshark

Trending: 62

HIGHCVE-2026-5402

Heap-based Buffer Overflow in Wireshark

Trending: 47

HIGHCVE-2026-5299EXP

Uncontrolled Recursion in Wireshark

Trending: 35

MEDIUMCVE-2026-6537EXP

Stack-based Buffer Overflow in Wireshark

Trending: 33

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 30, 2026

Discovered by ZDM

Apr 30, 2026

Updated: severity

May 1, 2026

Actively Exploited

May 2, 2026

Exploit Available

May 2, 2026

Patch Available

May 2, 2026

Version History

Last enriched 3d ago

v2Tier C3d ago

Updated severity to CRITICAL and noted that no exploit is available.

severity

via VulDB

v13d ago

Initial creation