CVE-2026-10264
3.5 LOWA vulnerability was determined in lharries whatsapp-mcp 0.0.1
Published: 2026-06-01 · Last updated: 2026-06-01
Severity and scoring
- CVSS
- 3.5 LOW
- Vector
- CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- CWE
- CWE-22
Description
A vulnerability was determined in lharries whatsapp-mcp 0.0.1. Affected by this vulnerability is the function SendMessageRequest of the file whatsapp-bridge/main.go of the component Send API Endpoint. This manipulation of the argument mediaPath causes path traversal. The exploit has been publicly disclosed and may be utilized. Patch name: 6657cdceadd361e8fbe824afe9d00b4504009a5d. It is recommended to apply a patch to fix this issue.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-10264
- [Other]https://github.com/BenGedi/whatsapp-mcp/commit/6657cdceadd361e8fbe824afe9d00b4504009a5d
- [Other]https://github.com/BenGedi/whatsapp-mcp/pull/1
- [Other]https://github.com/lharries/whatsapp-mcp/
- [Other]https://github.com/lharries/whatsapp-mcp/issues/241
- [Other]https://vuldb.com/cve/CVE-2026-10264
- [Other]https://vuldb.com/submit/824924
- [Other]https://vuldb.com/vuln/367544
- [Other]https://vuldb.com/vuln/367544/cti
Related CVEs
Same CWE
- CVE-2026-52726 — Dulwich is a pure-Python implementation of the Git file formats and protocols (7.5 HIGH)
- CVE-2026-49219 — ImageMagick is free and open-source software used for editing and manipulating digital images (5.5 MEDIUM)
- CVE-2026-47712 — Dulwich is a pure-Python implementation of the Git file formats and protocols (3.3 LOW)
- CVE-2026-46703 — Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to ru... (9.6 CRITICAL)
- CVE-2026-42305 — Dulwich is a pure-Python implementation of the Git file formats and protocols (8.8 HIGH)