CVE-2026-10264 | lharries whatsapp-mcp 0.0.1 Send API Endpoint whatsapp-bridge/main.go SendMessageRequest mediaPath path traversal (Issue 241)

A vulnerability, which was classified as critical, has been found in lharries whatsapp-mcp 0.0.1. Affected by this vulnerability is the function SendMessageRequest of the file whatsapp-bridge/main.go of the component Send API Endpoint. This manipulation of the argument mediaPath causes path traversal.

This vulnerability appears as CVE-2026-10264. The attacker needs to be present on the local network. In addition, an exploit is available.

It is recommended to apply a patch to fix this issue.

CVE-2026-10264 | lharries whatsapp-mcp 0.0.1 Send API Endpoint whatsapp-bridge/main.go SendMessageRequest mediaPath path traversal (Issue 241)

Post correlati

CVE-2025-14726 | trustindex Widgets for Social Photo Feed Plugin up to 1.8 on WordPress troubleshooting improper authorization

CVE-2023-5992 | OpenSC prior 0.24.0 PKCS#1 Padding information exposure

CVE-2025-36377 | IBM Security QRadar EDR up to 3.12.23 session expiration

CVE-2025-27683 | Vasion Print Virtual Appliance Host unrestricted upload