CVE-2026-43901 Wireshark MCP: Arbitrary file write via export_objects when WIRESHARK_MCP_ALLOWED_DIRS is not configured

Wireshark MCP is an MCP Server that turns tshark into a structured analysis interface, then layers in optional Wireshark suite utilities. In 1.1.5 and earlier, wireshark-mcp exposes a wiresharkexportobjects MCP tool that accepts an attacker-controlled destdir parameter and passes it to tshark's...

CVE-2026-43901

Wireshark MCP (v1.1.5 and earlier) is affected by CVE-2026-43901: the wireshark_export_objects MCP tool accepts an attacker-controlled dest_dir and passes it to tshark --export-objects with no mandatory path restriction. The internal sandbox (_allowed_dirs) is None by default and only activated w...

Directory Traversal

Overview wireshark-mcp is an A production-grade Model Context Protocol MCP server for Wireshark Affected versions of this package are vulnerable to Directory Traversal via the wiresharkexportobjects process when the destdir parameter is attacker-controlled and no mandatory path restriction is...

GHSA-3R68-X3XC-RXPG wireshark-mcp vulnerable to arbitrary file write via export_objects when WIRESHARK_MCP_ALLOWED_DIRS is not configured

Description Impact wireshark-mcp exposes a wiresharkexportobjects MCP tool that accepts an attacker-controlled destdir parameter and passes it to tshark's --export-objects flag with no mandatory path restriction. The path sandbox alloweddirs is None by default and only activates when the...

IPX Allows Path Traversal via Prefix Matching Bypass

Summary The approach used to check whether a path is within allowed directories is vulnerable to path prefix bypass when the allowed directories do not end with a path separator. This occurs because the check relies on a raw string prefix comparison. PoC - setup mkdir /public123 move a png file...

GHSA-MM3P-J368-7JCR IPX Allows Path Traversal via Prefix Matching Bypass

Summary The approach used to check whether a path is within allowed directories is vulnerable to path prefix bypass when the allowed directories do not end with a path separator. This occurs because the check relies on a raw string prefix comparison. PoC - setup mkdir /public123 move a png file...

httpd: Substitution encoding issue in mod_rewrite

A flaw was found in the modrewrite module of httpd. Due to a substitution encoding issue, specially crafted requests may allow an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant only to be execut...

httpd: Substitution encoding issue in mod_rewrite

A flaw was found in the modrewrite module of httpd. Due to a substitution encoding issue, specially crafted requests may allow an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant only to be execut...

PT-2021-5282 · Jenkins · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.318 and earlier Jenkins LTS versions 2.303.2 and earlier Description: The issue is related to the agent-to-controller security subsystem of Jenkins, where file path filters do not canonicalize paths. This allows operations ...

CVE-2018-15132

An issue was discovered in ext/standard/linkwin32.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. The linkinfo function on Windows doesn't implement the openbasedir check. This could be abused to find files on paths outside of the allowed directories...