12 matches found
CVE-2026-10264
A vulnerability was determined in lharries whatsapp-mcp 0.0.1. Affected by this vulnerability is the function SendMessageRequest of the file whatsapp-bridge/main.go of the component Send API Endpoint. This manipulation of the argument mediaPath causes path traversal. The exploit has been publicly...
CVE-2026-10264
A vulnerability was determined in lharries whatsapp-mcp 0.0.1. Affected by this vulnerability is the function SendMessageRequest of the file whatsapp-bridge/main.go of the component Send API Endpoint. This manipulation of the argument mediaPath causes path traversal. The exploit has been publicly...
CVE-2026-10264 lharries whatsapp-mcp Send API Endpoint main.go SendMessageRequest path traversal
A vulnerability was determined in lharries whatsapp-mcp 0.0.1. Affected by this vulnerability is the function SendMessageRequest of the file whatsapp-bridge/main.go of the component Send API Endpoint. This manipulation of the argument mediaPath causes path traversal. The exploit has been publicly...
CVE-2026-10264 lharries whatsapp-mcp Send API Endpoint main.go SendMessageRequest path traversal
A vulnerability was determined in lharries whatsapp-mcp 0.0.1. Affected by this vulnerability is the function SendMessageRequest of the file whatsapp-bridge/main.go of the component Send API Endpoint. This manipulation of the argument mediaPath causes path traversal. The exploit has been publicly...
CVE-2026-10264
CVE-2026-10264 affects lharries whatsapp-mcp 0.0.1. The vulnerability is in the SendMessageRequest function of whatsapp-bridge/main.go, where manipulation of the mediaPath argument enables path traversal. The exploit has been publicly disclosed. A patch is available (patch name: 6657cdceadd361e8f...
CVE-2026-35589
In nanobot versions before 0.1.5, the bridge’s WebSocket server (bridge/src/server.ts) binds to all interfaces (0.0.0.0) and does not validate the Origin header, enabling Cross-Site WebSocket Hijacking (CSWSH). Token authentication is disabled by default, allowing any website visited by a user to...
CVE-2026-2577
The WhatsApp bridge component in Nanobot binds the WebSocket server to all network interfaces 0.0.0.0 on port 3001 by default and does not require authentication for incoming connections. An unauthenticated remote attacker with network access to the bridge can connect to the WebSocket server to...
EUVD-2026-6101
The WhatsApp bridge component in Nanobot binds the WebSocket server to all network interfaces 0.0.0.0 on port 3001 by default and does not require authentication for incoming connections. An unauthenticated remote attacker with network access to the bridge can connect to the WebSocket server to...
CVE-2026-2577
The WhatsApp bridge component in Nanobot binds the WebSocket server to all network interfaces 0.0.0.0 on port 3001 by default and does not require authentication for incoming connections. An unauthenticated remote attacker with network access to the bridge can connect to the WebSocket server to...
CVE-2026-2577
The WhatsApp bridge component in Nanobot binds the WebSocket server to all network interfaces 0.0.0.0 on port 3001 by default and does not require authentication for incoming connections. An unauthenticated remote attacker with network access to the bridge can connect to the WebSocket server to...
CVE-2026-2577
The WhatsApp bridge component in Nanobot binds the WebSocket server to all network interfaces 0.0.0.0 on port 3001 by default and does not require authentication for incoming connections. An unauthenticated remote attacker with network access to the bridge can connect to the WebSocket server to...
nanobot 安全漏洞
Nanobot is a lightweight personal AI assistant open-source by Data Intelligence Lab@HKU. There is a security vulnerability in Nanobot; this vulnerability stems from the WhatsApp bridge component automatically binding WebSocket servers to all network interfaces without requiring authentication,...