LOW
lharries
CVE published 2026-06-01
CVE-2026-10264
A path traversal vulnerability exists in the SendMessageRequest function within whatsapp-bridge/main.go of the whatsapp-mcp project, affecting version 0.0.1. The vulnerability is triggered through manipulation of the mediaPath argument to the Send API Endpoint, allowing an attacker to traverse the file system. The issue has been publicly disclosed and a patch is available. The CVSS 4.0 vector indicates an [truncated]