Vulnerability Details CVE-2026-43901
Wireshark MCP is an MCP Server that turns tshark into a structured analysis interface, then layers in optional Wireshark suite utilities. In 1.1.5 and earlier, wireshark-mcp exposes a wireshark_export_objects MCP tool that accepts an attacker-controlled dest_dir parameter and passes it to tshark's --export-objects flag with no mandatory path restriction. The path sandbox (_allowed_dirs) is None by default and only activates when the environment variable WIRESHARK_MCP_ALLOWED_DIRS is explicitly set. In a default installation, any directory on the filesystem can be used as the export destination.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 12.8%
CVSS Severity
CVSS v3 Score 6.8
References
Products affected by CVE-2026-43901
-
cpe:2.3:a:bx33661:wireshark_mcp:0.2.1
-
cpe:2.3:a:bx33661:wireshark_mcp:0.4.0
-
cpe:2.3:a:bx33661:wireshark_mcp:0.6.0
-
cpe:2.3:a:bx33661:wireshark_mcp:0.6.1
-
cpe:2.3:a:bx33661:wireshark_mcp:0.6.2
-
cpe:2.3:a:bx33661:wireshark_mcp:0.6.3
-
cpe:2.3:a:bx33661:wireshark_mcp:0.6.4
-
cpe:2.3:a:bx33661:wireshark_mcp:1.0.0
-
cpe:2.3:a:bx33661:wireshark_mcp:1.1.0
-
cpe:2.3:a:bx33661:wireshark_mcp:1.1.5