CVE-2026-10264

CVSS v2.0

2.7

Low

Vector

AV:A/AC:L/Au:S/C:P/I:N/A:N

A vulnerability was determined in lharries whatsapp-mcp 0.0.1. Affected by this vulnerability is the function SendMessageRequest of the file whatsapp-bridge/main.go of the component Send API Endpoint. This manipulation of the argument mediaPath causes path traversal. The exploit has been publicly disclosed and may be utilized. Patch name: 6657cdceadd361e8fbe824afe9d00b4504009a5d. It is recommended to apply a patch to fix this issue.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2026-10264

Affected Products

Whatsapp-Mcp

CVE-2026-10264

Weakness Enumeration

Related Identifiers

Affected Products

References · 9