CVE-2026-10264
lharries whatsapp-mcp Send API Endpoint main.go SendMessageRequest path traversal
A vulnerability was determined in lharries whatsapp-mcp 0.0.1. Affected by this vulnerability is the function SendMessageRequest of the file whatsapp-bridge/main.go of the component Send API Endpoint. This manipulation of the argument mediaPath causes path traversal. The exploit has been publicly disclosed and may be utilized. Patch name: 6657cdceadd361e8fbe824afe9d00b4504009a5d. It is recommended to apply a patch to fix this issue.
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
Affected products
lharries · whatsapp-mcppublic PoCs found — 1
cve_referencegithub.com/lharries/whatsapp-mcp/issues/241unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://github.com/BenGedi/whatsapp-mcp/commit/6657cdceadd361e8fbe824afe9d00b4504009a5dhttps://github.com/BenGedi/whatsapp-mcp/pull/1https://github.com/lharries/whatsapp-mcp/https://github.com/lharries/whatsapp-mcp/issues/241https://vuldb.com/cve/CVE-2026-10264https://vuldb.com/submit/824924https://vuldb.com/vuln/367544https://vuldb.com/vuln/367544/cti