CVE-2026-5656: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Wireshark
Published Apr 30, 2026
·Updated
Profile import path traversal in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution
Affected Software
3 affected components
Wireshark Wireshark>=4.6.0<=4.6.4, >=4.4.0<=4.4.14
Wireshark Wireshark>=4.4.0<4.4.15
Wireshark Wireshark>=4.6.0<4.6.5
Remediation
Information
Upgrade to version 4.6.5 or above
Event History
Apr 30, 2026
CVE Published
via MITRE·11:03 PM
Data Sourced
via MITRE·11:03 PM
RemedyDescriptionSeverityWeakness
May 1, 2026
Data Sourced
via NVD·12:16 AM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2026-5656?
The severity of CVE-2026-5656 is classified as high due to potential denial of service and possible code execution risks.
2
How do I fix CVE-2026-5656?
To fix CVE-2026-5656, upgrade Wireshark to version 4.6.5 or later, or 4.4.15 or later.
3
What versions of Wireshark are affected by CVE-2026-5656?
CVE-2026-5656 affects Wireshark versions 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14.
4
What type of vulnerability is CVE-2026-5656?
CVE-2026-5656 is a path traversal vulnerability that allows access to restricted directories.
5
What are the potential impacts of exploiting CVE-2026-5656?
Exploiting CVE-2026-5656 could lead to denial of service and the execution of arbitrary code.