CVE-2026-10264: Path Traversal in lharries whatsapp-mcp 0.0.1
CVE-2026-10264 is a path traversal vulnerability in lharries whatsapp-mcp version 0.0.1, located in the SendMessageRequest function of the Send API Endpoint. An attacker with local access and user privileges can manipulate the mediaPath argument to traverse the file system and read sensitive files, though exploitation impact is limited to information disclosure. The vulnerability has been publicly disclosed.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 3.5 LOW · CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- Weaknesses (CWE)
- CWE-22
- Affected products
- 0 configuration(s)
- Published / Modified
- 2026-06-01 / 2026-06-17
NVD description (verbatim)
A vulnerability was determined in lharries whatsapp-mcp 0.0.1. Affected by this vulnerability is the function SendMessageRequest of the file whatsapp-bridge/main.go of the component Send API Endpoint. This manipulation of the argument mediaPath causes path traversal. The exploit has been publicly disclosed and may be utilized. Patch name: 6657cdceadd361e8fbe824afe9d00b4504009a5d. It is recommended to apply a patch to fix this issue.
8 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
The vulnerability exists in whatsapp-bridge/main.go within the SendMessageRequest handler of the Send API Endpoint component. The flaw stems from insufficient input validation on the mediaPath parameter, which fails to properly sanitize or restrict file path traversal sequences. This permits an authenticated local attacker to construct requests containing path traversal payloads (e.g., ../ sequences) to access files outside the intended directory structure. The attack requires adjacent network access and valid user-level credentials, limiting the threat surface to internal or directly-connected threat actors.
Business impact
The risk to business operations is limited but non-negligible. The vulnerability allows unauthorized file read access on affected systems, potentially exposing configuration files, logs, or other sensitive data stored on the same host. In environments where whatsapp-mcp is deployed as part of a larger integration architecture, an authenticated insider or lateral-movement actor could extract sensitive information to support further attacks. The low CVSS score reflects the restricted attack vector and lack of integrity or availability impact.
Affected systems
Only lharries whatsapp-mcp version 0.0.1 is confirmed affected. This appears to be an early-stage or proof-of-concept component rather than a widely-deployed production tool. Organizations should verify whether this package or derivative versions are present in their environments, particularly in integration layers, testing platforms, or communication automation pipelines.
Exploitability
The vulnerability requires both local or adjacent network access and valid user credentials, making opportunistic exploitation unlikely in typical internet-facing deployments. However, because the flaw has been publicly disclosed, exploit tooling or proof-of-concept code may become available to threat actors already positioned inside the network or with valid credentials. The barrier to weaponization is low given the straightforward nature of path traversal attacks.
Remediation
Apply the patch identified as 6657cdceadd361e8fbe824afe9d00b4504009a5d. Organizations using whatsapp-mcp should verify this commit hash against the vendor's official repository to confirm authenticity. If patching is not immediately feasible, restrict access to the Send API Endpoint to trusted internal networks and limit user account privileges to the minimum required for functionality.
Patch guidance
Obtain the patched version from the official lharries whatsapp-mcp repository using the commit hash 6657cdceadd361e8fbe824afe9d00b4504009a5d as reference. Rebuild and redeploy the component after verifying the patch source. If using dependency management tools (e.g., Go modules), update the package declaration to pull the patched commit. Test in a non-production environment before rollout. Organizations should also review any logs or configuration exports that may have occurred while running the vulnerable version.
Detection guidance
Monitor Send API Endpoint logs for requests containing suspicious path traversal patterns in the mediaPath parameter, such as sequences like ../, ..\, or encoded variants (%2e%2e). Network-level detection should flag unexpected file access patterns or reads from directories outside the intended application namespace. Endpoint monitoring tools should alert on unusual file read operations initiated by processes running whatsapp-mcp with authenticated user credentials.
Why prioritize this
Although the CVSS score is low, this vulnerability should not be deprioritized entirely. Public disclosure means threat actors have detailed information; any internal or trusted-network-based attacker can trivially exploit it. Prioritize patching in environments where whatsapp-mcp has direct access to sensitive files or configuration data. However, internet-facing systems without direct whatsapp-mcp exposure can safely defer this below critical vulnerabilities.
Risk score, explained
The CVSS 3.1 score of 3.5 (LOW) reflects the restrictive attack vector (adjacent network or local access required), the need for valid user privileges, and the confidentiality-only impact (CWE-22 path traversal). No authentication bypass, remote execution, or system-wide compromise is possible. The score appropriately penalizes the credential and proximity requirements while acknowledging that file disclosure is still a real threat in trusted environments.
Frequently asked questions
Do we need to patch this immediately?
Not necessarily immediately, but urgently if whatsapp-mcp is deployed in production environments with access to sensitive data. Because the vulnerability requires valid credentials and local/adjacent access, internet-facing systems are at lower risk. Prioritize patching internal systems, development environments, and integration platforms where the component handles sensitive communications or file paths.
What happens if someone exploits this?
An attacker with valid user credentials and network access to the affected system can read arbitrary files that the whatsapp-mcp process has permission to access. This could expose API keys, configuration secrets, logs, or other sensitive data, but does not allow file modification, deletion, or remote code execution.
How do I know if my organization is affected?
Search your codebase and dependency manifests for lharries whatsapp-mcp version 0.0.1. This is an early-stage package, so it is likely only present in experimental, testing, or integration-focused deployments rather than general production environments. Check container images, Go module files, and integration framework configurations.
Is there a workaround if we can't patch immediately?
Yes. Restrict network access to the Send API Endpoint to trusted internal subnets only, enforce strict firewall rules, and ensure the process runs with the lowest possible user privileges. Additionally, ensure sensitive files (credentials, keys, configs) are stored in directories not accessible to the application process.
This analysis is provided for informational purposes to support vulnerability management and risk assessment. The information is based on publicly available data as of the publication date. Organizations should verify all patch versions and vendor guidance against official sources and test thoroughly in non-production environments before deployment. SEC.co does not provide guarantee of accuracy for future vendor communications or patch releases. Always consult the vendor's official security advisory for definitive technical details and patch instructions. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).
Weaknesses (CWE)
Related vulnerabilities
- CVE-2018-25393MEDIUMNavigate CMS 2.8.5 Path Traversal Vulnerability (CVSS 6.5)
- CVE-2018-25408HIGHOpen ISES Project Path Traversal Vulnerability (High Severity)
- CVE-2018-25421MEDIUMOpen STA Manager 2.3 Path Traversal File Download Vulnerability
- CVE-2019-25734MEDIUMContact Form by WD CSRF & Local File Inclusion Vulnerability
- CVE-2019-25740MEDIUMJoomla com_jsjobs Arbitrary File Deletion Vulnerability
- CVE-2024-40646HIGHVertex Path Traversal Vulnerability – Remote File Access Risk
- CVE-2024-47263MEDIUMSynology Hyper Backup Path Traversal – Admin Privilege Required
- CVE-2024-47273MEDIUMSynology Hyper Backup Path Traversal Vulnerability (4.3 MEDIUM)