VYPR
Medium severity (CVSS 6.8) · NVD Advisory · Published May 11, 2026 · Updated May 13, 2026

CVE-2026-43901

Description

Wireshark MCP is an MCP Server that turns tshark into a structured analysis interface, then layers in optional Wireshark suite utilities. In 1.1.5 and earlier, wireshark-mcp exposes a wireshark_export_objects MCP tool that accepts an attacker-controlled dest_dir parameter and passes it to tshark's --export-objects flag with no mandatory path restriction. The path sandbox (_allowed_dirs) is None by default and only activates when the environment variable WIRESHARK_MCP_ALLOWED_DIRS is explicitly set. In a default installation, any directory on the filesystem can be used as the export destination.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Wireshark MCP's `wireshark_export_objects` tool allows arbitrary file write through an attacker-controlled `dest_dir` path, because the filesystem sandbox is disabled by default.

Vulnerability

CVE-2026-43901 is an arbitrary-file-write vulnerability (unrestricted destination path) in Wireshark MCP, an MCP Server that wraps tshark, affecting versions 1.1.5 and earlier [1]. The wireshark_export_objects MCP tool accepts an attacker-controlled dest_dir parameter and passes it directly to tshark's --export-objects flag without any mandatory path restriction [2]. The intended sandbox (_allowed_dirs) is None by default and only activates when the environment variable WIRESHARK_MCP_ALLOWED_DIRS is explicitly set, so in a default installation every directory the server process can write to is a valid export destination [1][2].

Exploitation

An attacker can embed a crafted HTTP response in a pcap file (e.g., with Content-Disposition: filename=authorized_keys) and, via prompt injection, manipulate an AI model that uses this MCP server into calling wireshark_export_objects with a malicious dest_dir such as /home/user/.ssh/ [2][3]. tshark then writes the extracted HTTP object to that directory, letting the attacker overwrite sensitive files such as SSH authorized_keys, cron jobs, or web-root content [2][3]. The same unvalidated path parameter also affects other tools: merge_pcap_files, editcap_trim, editcap_split, editcap_time_shift, editcap_deduplicate, and text2pcap_import [2][3].

Impact

Successful exploitation leads to arbitrary file write to any location on the filesystem. This can result in privilege escalation (e.g., adding an SSH key), code execution via cron jobs, or defacement of web content. The vulnerability is rated Medium (CVSS 6.8) [1]. No authentication is required beyond access to the MCP server.

Mitigation

As of the advisory, no patch has been released [2][3]. The fix should make the path sandbox mandatory for every file-write operation rather than optional, rejecting writes when no sandbox is configured [2]. Until a patch is available, administrators must set the WIRESHARK_MCP_ALLOWED_DIRS environment variable to restrict writable directories [1][3]. Note that the allowlist only constrains the directory: the file names written inside it still come from the pcap's Content-Disposition headers, so the allowed directory should be a dedicated scratch location that nothing else reads from, and the MCP server should run as a low-privilege account whose home directory, crontab and web root are not reachable from that location.
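The following added example (illustration written for this page, not wireshark-mcp's own code) shows the opt-in check described in the Vulnerability section next to the mandatory check the Mitigation section calls for. It assumes WIRESHARK_MCP_ALLOWED_DIRS holds os.pathsep-separated paths (the real separator is not stated in the advisory), and all function names are hypothetical. It goes slightly beyond the advisory by also covering two escapes a naive string-prefix check misses: a sibling directory that shares the allowed prefix, and a symlink inside the allowed directory that points outside it.

```python
"""Path-sandbox check for an MCP tool that hands a caller-supplied directory
to `tshark --export-objects <protocol>,<destdir>`.

Added illustration, not wireshark-mcp's own code. Assumed: the allowlist is
read from WIRESHARK_MCP_ALLOWED_DIRS as os.pathsep-separated paths; function
names are hypothetical.
"""
import os
import tempfile
from pathlib import Path
from typing import Dict, List, Optional

ENV_VAR = "WIRESHARK_MCP_ALLOWED_DIRS"


def load_allowed_dirs(env: Optional[Dict[str, str]] = None) -> Optional[List[Path]]:
    """Return resolved allowlist entries, or None when the variable is unset
    (None mirrors the _allowed_dirs default the advisory describes)."""
    env = dict(os.environ) if env is None else env
    entries = [p for p in env.get(ENV_VAR, "").split(os.pathsep) if p.strip()]
    if not entries:
        return None
    return [Path(p).resolve() for p in entries]


def is_within(child: Path, parent: Path) -> bool:
    """Component-wise containment: /srv/exports-evil is NOT inside /srv/exports."""
    try:
        child.relative_to(parent)
        return True
    except ValueError:
        return False


def vulnerable_dest_dir(dest_dir: str, allowed: Optional[List[Path]]) -> str:
    """Opt-in sandbox as the advisory describes: with no allowlist configured
    (the default install) every path is accepted, including /home/user/.ssh/."""
    if allowed is None:
        return dest_dir
    resolved = Path(dest_dir).resolve()
    if not any(is_within(resolved, a) for a in allowed):
        raise PermissionError(f"{dest_dir!r} is outside the allowed directories")
    return str(resolved)


def hardened_dest_dir(dest_dir: str, allowed: Optional[List[Path]]) -> str:
    """Mandatory sandbox: refuse when nothing is configured, and compare only
    after resolving '..' and symlinks so lexical tricks cannot escape."""
    if not allowed:
        raise PermissionError(f"{ENV_VAR} is not set; refusing to write anywhere")
    resolved = Path(dest_dir).resolve()  # non-strict: fine for not-yet-created dirs
    if not any(is_within(resolved, a) for a in allowed):
        raise PermissionError(f"{dest_dir!r} resolves to {resolved}, outside the allowlist")
    return str(resolved)


def build_export_argv(pcap: str, protocol: str, dest_dir: str,
                      allowed: Optional[List[Path]]) -> List[str]:
    """Build (but do not run) the tshark command line with the validated directory."""
    safe_dir = hardened_dest_dir(dest_dir, allowed)
    return ["tshark", "-r", pcap, "--export-objects", f"{protocol},{safe_dir}"]


def accepted(dest_dir: str, allowed: Optional[List[Path]]) -> bool:
    """True if the hardened check lets dest_dir through."""
    try:
        hardened_dest_dir(dest_dir, allowed)
        return True
    except PermissionError:
        return False


def symlink_escape_demo() -> Dict[str, bool]:
    """Constructed layout: an allowed export dir containing a symlink that points
    outside it. A string-prefix check would pass 'exports/link'; the
    resolve()-based check follows the link and rejects it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp).resolve()
        exports = root / "exports"
        victim_ssh = root / "victim_home" / ".ssh"
        exports.mkdir()
        victim_ssh.mkdir(parents=True)
        (exports / "link").symlink_to(victim_ssh)
        allowed = [exports]
        return {
            "subdir_accepted": accepted(str(exports / "run1"), allowed),
            "symlink_escape_rejected": not accepted(str(exports / "link"), allowed),
            "dotdot_escape_rejected": not accepted(
                str(exports / ".." / "victim_home" / ".ssh"), allowed),
        }


if __name__ == "__main__":
    print(vulnerable_dest_dir("/home/user/.ssh/", None))  # accepted unchanged: the bug
    allowed = load_allowed_dirs({ENV_VAR: "/srv/wireshark-mcp/exports"})
    print(build_export_argv("upload.pcap", "http", "/srv/wireshark-mcp/exports/job42", allowed))
    print(symlink_escape_demo())
```

The check resolves the path before comparing because tshark receives whatever string it is given; comparing the raw string against an allowlist prefix would still admit `/srv/wireshark-mcp/exports/../../../home/user/.ssh` and `/srv/wireshark-mcp/exports-evil`. Refusing when the allowlist is empty is the behaviour change the Mitigation section asks for: an unconfigured server fails closed instead of writing anywhere.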

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 0 (no patches discovered yet)

Vulnerability mechanics: AI mechanics synthesis has not run for this CVE yet.

References: 3

News mentions: 8