CVE-2026-6979

Name of the Vulnerable Software and Affected Versions devlikeapro WAHA versions prior to 2026.3.5

Description A flaw in the API Request Handler component, specifically within the src/api/media.controller.ts file, allows for remote server-side request forgery (SSRF). SSRF is a flaw that allows an attacker to induce the server-side application to make requests to an unintended location.

Recommendations Update to a version newer than 2026.3.4. As a temporary workaround, restrict access to the src/api/media.controller.ts file or the associated API endpoints to minimize the risk of exploitation.