Description
A vulnerability was determined in lharries whatsapp-mcp 0.0.1. Affected by this vulnerability is the function SendMessageRequest of the file whatsapp-bridge/main.go of the component Send API Endpoint. This manipulation of the argument mediaPath causes path traversal. The exploit has been publicly disclosed and may be utilized. Patch name: 6657cdceadd361e8fbe824afe9d00b4504009a5d. It is recommended to apply a patch to fix this issue.
Published: 2026-06-01
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 03 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 01 Jun 2026 15:00:00 +0000

Type Values Removed Values Added
Description A vulnerability was determined in lharries whatsapp-mcp 0.0.1. Affected by this vulnerability is the function SendMessageRequest of the file whatsapp-bridge/main.go of the component Send API Endpoint. This manipulation of the argument mediaPath causes path traversal. The exploit has been publicly disclosed and may be utilized. Patch name: 6657cdceadd361e8fbe824afe9d00b4504009a5d. It is recommended to apply a patch to fix this issue.
Title lharries whatsapp-mcp Send API Endpoint main.go SendMessageRequest path traversal
First Time appeared Lharries
Lharries whatsapp-mcp
Weaknesses CWE-22
CPEs cpe:2.3:a:lharries:whatsapp-mcp:*:*:*:*:*:*:*:*
Vendors & Products Lharries
Lharries whatsapp-mcp
References
Metrics cvssV2_0

{'score': 2.7, 'vector': 'AV:A/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C'}

cvssV3_0

{'score': 3.5, 'vector': 'CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C'}

cvssV3_1

{'score': 3.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C'}

cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'}


Subscriptions

Lharries Whatsapp-mcp
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-03T14:46:27.835Z

Reserved: 2026-05-31T12:51:28.835Z

Link: CVE-2026-10264

cve-icon Vulnrichment

Updated: 2026-06-03T14:43:25.729Z

cve-icon NVD

Status : Deferred

Published: 2026-06-01T15:16:32.830

Modified: 2026-06-01T16:41:55.090

Link: CVE-2026-10264

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-02T20:54:32Z

Weaknesses