CVE-2026-10264
LOW
lharries whatsapp-mcp Send API Endpoint main.go SendMessageRequest path traversal
Title source: cna
Description
A vulnerability was found in lharries whatsapp-mcp 0.0.1. It affects the function SendMessageRequest in the file whatsapp-bridge/main.go of the component Send API Endpoint. Manipulating the argument mediaPath causes path traversal. The exploit has been publicly disclosed and may be used. Patch name: 6657cdceadd361e8fbe824afe9d00b4504009a5d. Applying the patch is recommended to fix this issue.
References (8)
Signature, Permissions Required
VDB-367544 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/367544/cti
Third Party Advisory
CVE-2026-10264 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-10264
Third Party Advisory
Submit #824924 | lharries whatsapp-mcp v0.0.1 Path Traversal
https://vuldb.com/submit/824924
Exploit, Issue Tracking
https://github.com/lharries/whatsapp-mcp/issues/241
Patch, Issue Tracking
https://github.com/BenGedi/whatsapp-mcp/pull/1
Product
https://github.com/lharries/whatsapp-mcp/
VDB Entry, Technical Description
VDB-367544 | lharries whatsapp-mcp Send API Endpoint main.go SendMessageRequest path traversal
https://vuldb.com/vuln/367544
Scores
CVSS v3: 3.5
EPSS: 0.0027
EPSS Percentile: 17.7%
Attack Vector: ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: no
Technical Impact: partial
Details
CWE: CWE-22
Status: published
Products (1)
lharries/whatsapp-mcp 0.0.1
Published: Jun 01, 2026
Tracked Since: Jun 01, 2026